OK. I sat down to do some hacking of ntlm_auth and came to an interesting discovery...
Firefox in Linux does not appear to actually use SPNEGO when it's told
to use Negotiate (i.e. by setting the
network.negotiate-auth.{delgation,trusted}-uris. Or at least I could
not find any magic keys to make it do it.
What Firefox on Linux DOES do, is send native "KRB5 - Kerberos 5" (OID
1.2.840.113554.1.2.2 vs. OID 1.3.6.1.5.5.2 which is for SPNEGO) data in
the Negotiate blob -- and ntlm_auth appears to be completely unable to
handle this -- unsurprisingly.
Probably, a helper supporting this native KRB5 blob is ideal, but for
easier hacking of the ntlm_auth helper, if anyone knows how to force
Firefox on Linux to wrap the Negotiate goop in SPNEGO, I'd appreciate
knowing how.
Now on to other avenues of exploration with Negotiate.
Cheers,
b.
--
My other computer is your Microsoft Windows server.
Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
