ons 2006-12-20 klockan 07:47 -0500 skrev Brian J. Murrell:
> Hrm. Firefox seems to disagree, at least in it's implementation. Squid
> sends "Negotiate" as the authentication mechanism and Firefox responds
> with Kerberos.
The Negotiate HTTP scheme is defined by Internet RFC4559 "SPNEGO-based
Kerberos and NTLM HTTP Authentication in Microsoft Windows", which
specifies Kerberos within GSS-API as applied by SPNEGO..
Quote:
The "Negotiate" auth-scheme calls for the use of SPNEGO GSSAPI tokens
that the specific mechanism type specifies.
Relevant RFCs:
RFC4559 SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft
Windows (Negotiate)
RFC4178 The Simple and Protected Generic Security Service Application
Program Interface (GSS-API) Negotiation Mechanism (SPNEGO)
RFC2743 Generic Security Service Application Program Interface Version
2, Update 1. (GSS-API)
Now I am not an expert on how this translates to wire format so I leave
it to you to read and consider if what your Firefox does is sufficient
to meet the specifications or not..
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST