Julien ALLANOS said:

> I am now facing to the following problem: browsers don't send NTLM 
tokens
> anymore but SPNEGO tokens (I believe). I don't really know what I did to 
make
> it work, but heh, it works. That's good.

For both NTLM and SPNEGO tokens, IE should send:

Authorization: Negotiate

followed by a base64-encoded token. To determine the type of token, 
capture and base64-decode the token. NTLM tokens begin with hex 4E 54 4C 
4D 53 53 50 which corresponds to "NTLMSSP" and SPNEGO tokens begin with 
hex 60 ... 06 06 2B 06 01 05 05 02 where ... is between 1 and 3 bytes long 
(most commonly 3 bytes). 06 06 2B 06 01 05 05 02 means 1.3.6.1.5.5.2, 
which identifies the SPNEGO GSSAPI mechanism.

Frank
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to