On Mon, 2009-02-16 at 15:21 -0500, Ross Walker wrote: > Avoid NTLM all together and use Kerberos between apache/squid, Active > Directory and the Windows and Linux clients. > > Firefox and IE both support Kerberos authentication. I believe apache/ > squid do too, but you need a manually create the service principal > names in AD for those. I was using NTLM at first, but then switched to Kerberos (on the CentOS server side). The Windows users didn't see a difference. For them, SSO works just as well as before, but I still get prompted to enter user/password when I use my Fedora 10 desktop to browse to CentOS hosted web sites. My Fedora desktop is joined to the domain. I can login with my AD user/password. I even have caching working, which lets me sign on to my laptop when it's not connected to the network. I suppose I've missed something, though I don't know what. Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.27.12-170.2.5.fc10.x86_64 x86_64 GNU/Linux 17:57:09 up 5 days, 19:44, 3 users, load average: 0.21, 1.13, 1.00