(this page copied from http://www.dstc.qut.edu.au/MSU/research_news/web_sec/KRB_PROT.HTM)

Kerberos on the Web: Protocol example


1. The client sends the original request (or, if it can, it starts at step 3)

GET /restricted/adam.html HTTP/1.0
Accept: */*
User-Agent:  NCSA Mosaic for the X Window System/2.4  libwww/2.12 modified



2. The server sees that Kerberos authentication is required, so it sends a 401

HTTP/1.0 401 Unauthorized
Date: Friday, 03-Feb-95 18:45:13 GMT
Server: NCSA/1.3
MIME-version: 1.0
Content-type: text/html
WWW-Authenticate: KerberosV4



3. The client then gets a ticket for the server and resubmits the request with the Kerberos ticket in the Authorization line

GET /restricted/adam.html HTTP/1.0
Accept: */*
User-Agent:  NCSA Mosaic for the X Window System/2.4  libwww/2.12 modified
Authorization: KerberosV4 acain 0406004e4353412e554955
		32e454455003820c3e4fc931b68ed20d0f696ee74148a696eb4
		a4d83e1c80af9ce02e5d3f230dc5e63bbc8595ce95ea6de42b18
		d957063ceb45787ab479999565d353da2b5b17a76a89e0d169
		3694ee91e5623b953a5dfd3be00642596ff846



4. The server then responds with the document and the encrypted timestamp+1 to authenticate itself to the client

HTTP/1.0 200 OK
Date: Friday, 03-Feb-95 18:45:16 GMT
Server: NCSA/1.3
MIME-version: 1.0
Content-type: text/html
Last-modified: Wednesday, 04-Jan-95 22:58:20 GMT
Content-length: 624
WWW-Authenticate: KerberosV4 [c3602905a92b683f] User authenticated

HTML Document here
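
The client-side check that step 4 implies, as an added example that is not part of the original page: parse the header values from steps 3 and 4 and accept the server only if its bracketed value decrypts to the client's timestamp plus one. The decrypt hook, the plaintext layout (a 4-byte big-endian integer first), the XOR stand-in cipher and all sample values are assumptions made so the example runs offline; a real client would decrypt with the Kerberos session key.

```python
def parse_authorization(value):
    """Split 'KerberosV4 <user> <hex ticket>' into (user, ticket bytes).
    The hex may be folded across lines, as in step 3."""
    parts = value.split()
    if len(parts) < 3 or parts[0] != "KerberosV4":
        raise ValueError("not a KerberosV4 Authorization value")
    return parts[1], bytes.fromhex("".join(parts[2:]))  # ValueError on bad hex

def parse_server_proof(value):
    """Return the bytes between [ and ] in step 4's WWW-Authenticate value."""
    parts = value.split()
    if len(parts) < 2 or parts[0] != "KerberosV4":
        raise ValueError("not a KerberosV4 reply")
    token = parts[1]
    if not (token.startswith("[") and token.endswith("]")):
        raise ValueError("server proof missing")
    return bytes.fromhex(token[1:-1])

def server_is_authentic(header, sent_timestamp, decrypt):
    """True only if the proof decrypts to sent_timestamp + 1.
    `decrypt` is a caller-supplied session-key decryption (hypothetical hook);
    the plaintext layout (4-byte big-endian integer first) is an assumption."""
    try:
        plain = decrypt(parse_server_proof(header))
    except ValueError:
        return False  # missing or malformed proof: treat server as unverified
    return len(plain) >= 4 and int.from_bytes(plain[:4], "big") == sent_timestamp + 1

# Constructed demo values. XOR is a stand-in so the example runs offline;
# it is not the Kerberos cipher and provides no security.
KEY = bytes(range(1, 9))
SENT = 791837113  # constructed client timestamp

def toy_crypt(block):
    return bytes(b ^ k for b, k in zip(block, KEY))

def make_proof(timestamp):
    plain = (timestamp + 1).to_bytes(4, "big") + bytes(4)
    return "KerberosV4 [%s] User authenticated" % toy_crypt(plain).hex()

if __name__ == "__main__":
    print(server_is_authentic(make_proof(SENT), SENT, toy_crypt))
    print(server_is_authentic(make_proof(SENT - 1), SENT, toy_crypt))
```

A reply that carries no bracketed value, or one that does not decrypt to the expected number, leaves the server unauthenticated even though the status line says 200 OK.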