[PATCH 8/9] kerberos: Don't include GSS_C_DCE_STYLE in default gss_init_sec_context() flags.

Hans Leidekker hans at codeweavers.com
Tue Jan 30 03:34:15 CST 2018

On Thu, 2018-01-25 at 20:51 +0800, Dmitry Timoshkov wrote:
> Sure, I can take a look. Can you show me how to reproduce your failure?
> Just run the tester, type http://wintest2.test.local in the "Url:" field
> and press "Test" button. Make sure that you have a valid TGT in the cache.
> (I assume that SPN "HTTP/wintest2.test.local" from the log you've provided
> ealier exists on the server, otherwise you may need to list available SPNs
> on the Windows side using 'setspn -T yourdomain.com - Q */*' and find one
> starting with HTTP/ prefix).

The tool expects a web server with a specific configuration. I
installed IIS 7.0, added the 'Windows Authentication' feature and
enabled it for the test site.

It turns out that it's testing the Negotiate provider, which doesn't do
the same three-leg authentication as the Kerberos provider.

More information about the wine-devel mailing list