WWW身份验证使用NTLM而不是Kerberos

我正在Windows Server 2008上运行NodeJS服务器.

I'm running a NodeJS server on a Windows Server 2008.

服务器并没有做很多事情，但是我为401设置了标题，WWW身份验证协商，我知道可以通过他的默认Kerberos身份验证来使用它，或者如果它不可用，则可以与NTLM一起使用.

The server doesn't do much but I set the header for 401, WWW-Authenticate Negotiation which I know can go either with his default Kerberos authentication or if it's not available then with NTLM.

我下载了提琴手，发现当我尝试访问服务器时，它尝试使用NTLM(提示我输入用户名和密码)而不是Kerberos进行身份验证，即使计算机与服务器位于同一域中，当我这样做时运行命令"klist"，这确实表明他具有令牌，这意味着他已经通过Kerberos进行了身份验证(不是吗?).

I downloaded fiddler and discovered that when I try to reach the server it tries to authenticate with NTLM(prompt me for username and password) rather than Kerberos, even though the computer is in the same domain as the server and when I do run the command "klist" it does show me that he has tokens which means that he already authenticated with Kerberos(doesn't it?).

我的问题是如何使它通过Kerberos而不是NTLM进行身份验证-为什么他首先要使用NTLM?

My question is how can I make it authenticate with Kerberos rather than NTLM - why does he go to NTLM in the first place?

有什么想法吗?