[proposed enhancement] Option to suppress NTLM (forceNegotiate)?

[fusscreme]

Hi,

Is there a possibility to suppress NTLM authentification and to only use Negotiate (Kerberos)? If someone brings their own device I cannot force a group policy object (GPO) to list the url in the intranet zone whitelist. And then they get this ugly popup in the browser, asking for credentials. Therefore a option forceNegotiate just like forceNTLM would be useful.

Thank you.

[jlguenego]

I will consider it.

On Sat, Oct 16, 2021 at 10:43 PM fusscreme @.***> wrote:

Hi,

Is there a possibility to suppress NTLM authentification and to only use Negotiate (Kerberos)? If someone brings their own device I cannot force a group policy object (GPO) to list the url in the intranet zone whitelist. And then the get this ugly popup in the browser, asking for credentials. Therefore a option forceNegotiate just like forceNTLM would be useful.

Thank you.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jlguenego/node-expose-sspi/issues/114, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAVV6TVHZFGACNBWOQJLLW3UHHPVZANCNFSM5GEAJUOA .

-- Jean-Louis GUENEGO Tel : +33 6 12 19 81 48 mail: @.***

[jg76379]

I think this would be a good feature. node-sspi allows you to specify which SSPI packages to use with an array

sspiPackagesUsed: default to ['NTLM']. An array of SSPI packages used. To obtain a list of all SSPI packages available on your server, download source code of mod-auth-sspi, then run bin\sspikgs.exe from your server's DOS console.