windows browsers send ntlm instead of kerberos tokens - Kerberos

This is a discussion on windows browsers send ntlm instead of kerberos tokens - Kerberos ; hello, i have a situation where SSO (Single Sign On) for Oracle Portal uses Kerberos tokens ( Windows Authentacation) to "sign on" to an Oracle system. Only for some users, this doesn't work and the regular sign on box appears. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: windows browsers send ntlm instead of kerberos tokens

  1. windows browsers send ntlm instead of kerberos tokens

    hello, i have a situation where SSO (Single Sign On) for Oracle Portal uses
    Kerberos tokens ( Windows Authentacation) to "sign on" to an Oracle system.
    Only for some users, this doesn't work and the regular sign on box appears.
    We have found that this is because the client PC uses the NTLM token to
    authenticate rather than the Kerberos token. We have norrowed it down to
    the profile on the client PC for that user but we are still UNABLE to
    correct the issue. Since we have many users that will be using this system
    (once it goes live) we obviously don't want to run into this problem on a
    daily basis. Would you or anyone on your team have a solution to this
    issue? I appreciate any help in advance.

    Thanks again,

    DB.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: windows browsers send ntlm instead of kerberos tokens

    On Thursday 03 August 2006 04:28, Daniel B. Bailey wrote:
    > hello, i have a situation where SSO (Single Sign On) for Oracle Portal uses
    > Kerberos tokens ( Windows Authentacation) to "sign on" to an Oracle system.


    What Webbrowsers do you use?
    What KDC-Software do you use?
    What GSSAPI-implementation is used, SSPI and/or KfW?

    > Only for some users, this doesn't work and the regular sign on box appears.
    > We have found that this is because the client PC uses the NTLM token to
    > authenticate rather than the Kerberos token.


    What happens if that users run

    1. kinit theiruserpricipal
    2. kvno principalofwebserver ?

    > I appreciate any help in advance.


    Maybe some hints from my


    are helpful, for example 6.c, 9, 10

    Achim
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread