kerberos - Can I indicate to clients that SPNEGO is supported but NTLM is not for HTTP requests? -

Intranet Zone

IT in ISP

Entrance to server using integrated Windows authentication is enabled, Host is trusted in Firefox

Not server

/ Li>

, then Ntielm will be attempted.

My question is, is there a way to signal to the server that NTLM should not be sent? I currently handle this by keeping a track of the request in session, and if an NTLM message is received, this disables Kerberos and WWW-authentication for the remainder session session.

Initial WWW-certify header only conversations Specifies. It can not say anything else, like "NTLM not"

I think it is possible to respond to authenticity: {Base64 NTLMSSP} header sent by the customer to the header 401 Unauthorized and another conversation header, which may include a reaction token, possibly a supported microsoft which only specify Kerberos.

But I suspect that only you will get "unauthorized" , because it was falling back to NTLM in the first place.