I have a JBoss application running on a Linux server that we are trying to enable pass-thru authentication on. I created a user account for the service, set the SPNs, exported the Kerberos keytab with ktpass, and our Unix admin loaded into JBoss. Everything works great ifwe areusing Windows 2003 SP2 with IE6 or IE7 (I presume XP would exhibit the same behavior, but I do not have any XP machines to test with). When we attempt to go to the same site with Windows Vista SP1 or SP2 with IE7, or Windows Vista SP1 with IE8, the authentication fails and we are presented with a logon page. Our domain controllers are running Windows 2003 SP2.Does anyone have any idea why it would work on 2003 and not Vista? I have looked at packet dumps, HTTP headers, you name it. Everything looks the same. The client requests a ticket from the KDC, the KDC replies with a ticket, and then the workstation sends a negotiate string in the HTTP headers to the web server. The only difference that I can see is that a 2003 user gets passed through to the site and a Vista user gets a logon page.Thanks,-George