Ok guys. I’ve got something smart to write, at last.
Let’s say your boss has a brilliant idea:
«WTF, we’ve got Active Directory, we could open Internet Explorer and get into our webservers without having to authenticate!»
Let’s say you had implemented Apache with SSL on a Windows Server. Eurk.
Let’s say you managed to discover that you have to load mod_auth_sspi into Apache.
And so far, Internet Explorer is giving a freaky “Error 401: Authorization Required!” while Firefox, Opera etc. are gently fallbacking to basic auth.
The deadline is coming… you are sweating… You have spent the whole weekend googling to figure that sh*t out…
Well, what happened to me was: as soon as I heard the Boss’ footsteps, I remembered having laughed at three lines in the OpenSSL module configuration…
…YEAH! SSPI works as a charm, it’s the SSL conf the problem!
Leave SSPI alone, my dears, ‘cause you only have to comment the
BrowserMatch *MSIE* blabla
directive in Apache’s SSL conf.
Then it’s only a matter of cleaning Internet Explorer’s cache and you’ll enter your website without having to type in anything.
Of course it’s still smarter to use Firefox/Opera/Safari, but the boss is pleased and smiling. W00t!