0

I'm using WAFFLE to integrate a web server with Windows authentication.

When I visit the web server using the short hostname, the server is considered "trusted" by both Chrome and IE, and everything works as expected.

When I visit the exact same web server using the full hostname, the server is no longer considered "trusted" (which is crap, to be honest, as the IP address hasn't changed) and regardless of browser, I am prompted for the password (this is fine, the server isn't trusted.)

The problem is that even when I provide the correct password, it doesn't log me in. Instead, I get the same password dialog over and over.

If I visit from a browser on my Mac, I am presented with a login dialog and entering my password there results in successful login.

The difference between the two is that on Windows, the browsers are sending Authorization: Negotiate and on Mac OS X, they are sending Authorization: Basic.

The full header I'm seeing on the wire:

Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==

This decodes to "NTLMSSP\0....binary data...."

The binary data is not sufficiently large to contain my credentials or a hash thereof, so I'm led to believe that the browser asked for my password and then threw it away instead of using it to authenticate me.

Hakanai

1 Answer

0

There could be dozens of reasons. Start by troubleshooting negotiate.

dB.
  • Steps on that page only address the issue of whether the web browser considers the domain trusted or not. The problem in my case is not an undesired password popup, it is that when I enter the correct username and password into the popup, my login is still rejected. – Hakanai Oct 19 '12 at 02:40
  • @Trejkaz the username/password popup is less capable in a sense than SSO - basically instead of using your credentials it will use the ones you write, but in the end it does the same negotiate protocol - most of those problems are solved with a proper SPN – dB. Oct 26 '12 at 18:06
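
For diagnosing a loop like this one, it helps to see which leg of the NTLM handshake a captured `Authorization` header carries. The following is an added example, not part of the original posts: it parses the header quoted in the question using the message layout from MS-NLMP, and the function name `parse_ntlm_authorization` is hypothetical.

```python
import base64
import struct

# Token copied from the question. The run of 16 "A" characters (the empty
# domain/workstation fields) is written as a repeat so its length is unambiguous.
HEADER = "Negotiate TlRMTVNTUAABAAAAl4II4gAA" + "AAAA" * 4 + "AAAGAbEdAAAADw=="

TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def parse_ntlm_authorization(value):
    """Summarise the NTLMSSP message carried in an Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme not in ("Negotiate", "NTLM"):
        raise ValueError("scheme %r does not carry NTLMSSP" % scheme)
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not a raw NTLMSSP token (could be SPNEGO/Kerberos)")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    info = {"type": TYPES.get(msg_type, "UNKNOWN"), "length": len(raw),
            "nt_response_len": 0}
    if msg_type == 1 and len(raw) >= 32:
        # Flags, then (len, maxlen, offset) for the domain and workstation names
        flags, dom_len, _, _, ws_len, _, _ = struct.unpack_from("<IHHIHHI", raw, 12)
        info.update(flags=flags, domain_len=dom_len, workstation_len=ws_len)
        if flags & 0x02000000 and len(raw) >= 40:  # NTLMSSP_NEGOTIATE_VERSION
            major, minor, build = struct.unpack_from("<BBH", raw, 32)
            info["client_version"] = "%d.%d.%d" % (major, minor, build)
    elif msg_type == 3 and len(raw) >= 28:
        # LM response fields sit at offset 12, NT response fields at offset 20
        info["nt_response_len"] = struct.unpack_from("<H", raw, 20)[0]
    # Only a type 3 message carries a response computed from the password
    info["carries_proof"] = info["nt_response_len"] > 0
    return info

if __name__ == "__main__":
    for key, val in parse_ntlm_authorization(HEADER).items():
        print("%-16s %s" % (key, val))
```

A type 1 message is only the opening leg of the handshake: the server is expected to answer with a type 2 challenge, and the password-derived response appears in the type 3 message that follows. When tracing a repeated prompt, check which of the three types actually appear on the wire and where the exchange stops.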