This is even documented as a fact in the SPNEGO over HTTP Internet-Draft
published by Microsoft.
I talked with the I-D author about this and the reason why was not
because it is technically not possible as the exact same scheme in
theory works just fine for proxy authentication, but because it is not
implemented in Windows 2000 and the document describes their
implementation as of Windows 2000.
Can only speculate as to why they have not implemented support in later
versions. Seems like a rather trivial thing to do but maybe there is
something preventing SPNEGO from being used in MS-Proxy/ISA...
Regards
Henrik
Guido Serassio wrote:
> CAUSE
> =====
>
> This behavior occurs because Internet Explorer does not support Kerberos
> authentication with a proxy, and does not respond to a negotiate challenge from
> a proxy server.
>
> STATUS
> ======
>
> This behavior is by design.
Received on Fri Dec 06 2002 - 19:28:44 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:53 MST