Max (Weijun) Wang wrote:
Hi All
I've just installed a Windows 2008 system with IIS, and find something
confusing:
1. What does "Enable Kernel-mode authentication" mean?
When it's turned on, I can successfully authenticate using NTLM. When
it's off, the three NTLM packets looks fine, but the server does not
return 200 OK. In fact, it simply restarts the authentication process
with headers just like the initial response.
It seems to be something to do with the way they IIS gets hold of the
authentication credentials
from the OS. There's a brief note on it here:
http://technet.microsoft.com/en-us/library/cc771945.aspx
2. Kerberos (or SPNEGO) does not work?
I've configured the client to create a SPNEGO initial token and sent
it to the server, the server returns neither OK nor an error token,
again, it simply restarts the authentication process with headers just
like the initial response.
They seem to have introduced a new extension of SPNEGO called NEGOEX. Is
it possible
this mechanism is in use, instead of the old spnego?
- Michael
