"??????? ?????????" <undelborg@xxxxxxxxx> wrote in message news:cf132a050909030128ke05b19bl5cfc7e0f6ac81d1c@xxxxxxxxxxxxxxxxx
I've configured Kerberos authentication for users in AD, but there is one problem: after half an hour IE7 "forgets" about Kerberos and tries to use NTLM. User have to restart IE7 to use Kerberos again. What parameter is responsible for Kerberos authentication lifetime?
AD can set lifetimes, but usually that is 10 hours renewable for a week. You can see the values of the ticket with the MS tool kerbtray. You also can look at the Kerberos traffic on port 88 with Wireshark. With Wireshark you should see when you login to your Desktop a AS req/rep for your login id and when you start using IE you should see a TGS req/rep for HTTP/<proxy-fqdn>.
Regards Markus
-- Best regards, Dmitry
