Hello, I'm experiencing a strange thing again. I have a Windows 2003 server with apache2 + mod_spnego + kfw-2.6.5. This is the only box on the domain. When I login as a simple user and type klist at the command prompt, I can't see I have no TGT. From what I've understood about KRB5, a TGT should have been granted at user login, and thus should be visible with klist.
Accessing the web server using a well configured Internet Explorer or Firefox, I can see the browsers are sending NTLM (beginning with NTLMSSP) instead of Kerberos tokens, in response to the Negotiate authentication the server is asking for. With kinit -5, I can get a TGT without a problem, as well as with Leash. But launching the browsers again after that, and requesting the web server URL again, leads to a failure. As I don't want to use NTLM but Kerberos5 and I don't really understand what is going on, I'm asking for help here. Is my client session isn't configured to ask for a TGT at login? Can't it find the KDC? Is it failing because client session is opened on the same box as the KDC? Thanks for any help. -- Julien ALLANOS ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos