Julien ALLANOS said: > I am now facing to the following problem: browsers don't send NTLM tokens > anymore but SPNEGO tokens (I believe). I don't really know what I did to make > it work, but heh, it works. That's good.
For both NTLM and SPNEGO tokens, IE should send: Authorization: Negotiate followed by a base64-encoded token. To determine the type of token, capture and base64-decode the token. NTLM tokens begin with hex 4E 54 4C 4D 53 53 50 which corresponds to "NTLMSSP" and SPNEGO tokens begin with hex 60 ... 06 06 2B 06 01 05 05 02 where ... is between 1 and 3 bytes long (most commonly 3 bytes). 06 06 2B 06 01 05 05 02 means 1.3.6.1.5.5.2, which identifies the SPNEGO GSSAPI mechanism. Frank ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos