Limitations
When using an external Kerberos authenticator, the appliance can support Kerberos authentication only. It cannot support NTLM authentication.
The Windows™ NTLM implementation requires that the same connection is used during the multiple stages of the authentication process. WebSEAL cannot always provide the same connection for use throughout the authentication process.
Therefore, you cannot use a server that supports only NTLM authentication as the Kerberos Authenticator. You must use a server that supports Kerberos authentication as the Kerberos Authenticator.
Note: Microsoft™ Internet Information Services (IIS) uses NTLM authentication by default.
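One way to check whether a candidate authenticator is offering NTLM only, and whether a client token is NTLM or GSS-API framed, is to inspect the HTTP authentication headers. This is an added example, not IBM code. The function names and sample values are constructed for illustration, and it assumes one challenge per `WWW-Authenticate` header value.

```python
import base64

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"  # every NTLM message starts with these 8 bytes
GSS_INITIAL_TAG = 0x60              # ASN.1 [APPLICATION 0]: GSS-API initial token

# Constructed samples: an NTLM negotiate message prefix and a GSS-API token
# prefix carrying the SPNEGO OID 1.3.6.1.5.5.2. Neither is real traffic.
SAMPLE_NTLM = base64.b64encode(NTLMSSP_SIGNATURE + b"\x01\x00\x00\x00").decode()
SAMPLE_GSS = base64.b64encode(
    bytes([0x60, 0x82, 0x04, 0x00, 0x06, 0x06, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x02])
).decode()


def challenge_summary(www_authenticate_values):
    """Summarise the schemes a server offers in its 401 response."""
    schemes = set()
    for value in www_authenticate_values:
        parts = value.strip().split(None, 1)
        if parts:
            schemes.add(parts[0].lower())
    if "negotiate" in schemes:
        return "negotiate-offered"   # Kerberos is possible, not guaranteed
    if "ntlm" in schemes:
        return "ntlm-only"           # unusable as the Kerberos Authenticator
    return "no-negotiate"


def classify_token(authorization_value):
    """Classify an Authorization header token as 'ntlm', 'gss-api' or 'unknown'."""
    scheme, _, b64 = authorization_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
    except ValueError:               # binascii.Error is a ValueError subclass
        return "unknown"
    if raw.startswith(NTLMSSP_SIGNATURE):
        return "ntlm"                # NTLM, even when sent under "Negotiate"
    if raw[:1] == bytes([GSS_INITIAL_TAG]):
        return "gss-api"             # SPNEGO/Kerberos framing
    return "unknown"


if __name__ == "__main__":
    print(challenge_summary(["NTLM"]))
    print(classify_token("Negotiate " + SAMPLE_NTLM))
    print(classify_token("Negotiate " + SAMPLE_GSS))
```

A `gss-api` result shows only the outer framing of the token; it does not prove which mechanism was selected inside it.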