Re: GSS_S_CONTINUE_NEEDED when doing Kerberos authentication?

2016-08-26 Thread JSoet
> So, you should have a look at what travels between the peers.
Thanks, Rick, I looked into it, but my negotiate messages look like this: "Negotiate YIID..." which I think means that they're Kerberos messages? Anyone have any other ideas of what could be causing the continue_needed message the

GSS_S_CONTINUE_NEEDED when doing Kerberos authentication?

2016-08-25 Thread JSoet
Hi, I'm implementing SPNEGO & Kerberos authentication in our application's webserver code and have it working fine when the KDC is Active Directory. I'm now testing it with an MIT KDC instance and when I attempt to authenticate a user who has a ticket from that KDC I get a GSS_S_CONTINUE_NEEDED sta

Reversing 'make install' ?

2016-07-25 Thread JSoet
I had a typo in my command and so I accidentally did a normal 'make install' when I meant to do an install to a specific directory by specifying DESTDIR=/path/to/dir... It doesn't seem that there's a 'make uninstall' included, is there another command I'm missing that can do the uninstall? Thank

GSSAPI and SPNEGO question

2016-07-11 Thread JSoet
I have a question about the use of the SPNEGO tokens sent from a client browser. Based on my reading (https://msdn.microsoft.com/en-us/library/ms995330.aspx + https://tools.ietf.org/html/rfc4178#section-4.2) it seems like it is up to the server application to decode the SPNEGO token and extract the

Re: Beginner Kerberos question - problem with spnego authentication with webserver

2016-06-23 Thread JSoet
Thanks for your help Mike, your suggestion to look into DNS pointed me towards this page: http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/princ_dns.html where I found out about the *ignore_acceptor_hostname* setting. When I changed that to true then it fixed my problem. I'm unclear about what ex

Beginner Kerberos question - problem with spnego authentication with webserver

2016-06-22 Thread JSoet
I'm trying to modify a webserver that I work on to do SPNEGO authentication with an Active Directory server. In preparation for that I've set up 2 machines to test the authentication and I thought I'd try and use an existing simple webserver to check that I have them set up correctly before I start