We have a legacy client-server application with the client written in C++ and the server in Java (both running on Windows), using CORBA for communication. Note that the Java application on the server doesn't use Tomcat or other application servers.
To enable Active Directory authentication of the client, I'm using the Waffle library on the server and Windows APIs on the client to perform a Negotiate SSPI exchange loop, as mentioned in this post: Authenticating users using Active Directory in Client-Server Application
The MSDN sample for the SSPI exchange loop has multiple send-receive calls between client and server (probably to account for NTLM auth too), but I've been able to successfully authenticate the client by sending the auth token just once to the server.
If our server runs on Windows Server 2003 and greater, and our client runs on Windows XP and greater, is it safe for me to assume that Kerberos will be used and multiple send-receive calls are not required?
If I were to authenticate using Java+waffle on Tomcat, I notice that the auth token is sent just once.