Index: core/authentication_api.php
===================================================================
--- core/authentication_api.php	(revision 3)
+++ core/authentication_api.php	(working copy)
@@ -118,7 +118,8 @@
 		if ( !( ( ON == $t_anon_allowed ) && ( $t_anon_account == $p_username)  ) ) {
 			# anonymous login didn't work, so check the password
 
-			if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
+			if ( HTTP_AUTH != $t_login_method && !auth_does_password_match( $t_user_id, $p_password ) ) {
+			# if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
 				user_increment_failed_login_count( $t_user_id );
 				return false;
 			}
Index: login.php
===================================================================
--- login.php	(revision 3)
+++ login.php	(working copy)
@@ -29,6 +29,10 @@
 	if ( HTTP_AUTH == config_get( 'login_method' ) ) {
 		if ( !auth_http_is_logout_pending() )
 		{
+			if (isset($_SERVER['REMOTE_USER'])) { #  $_SERVER['AUTH_TYPE'] == 'Negotiate' )
+			    preg_match(config_get('sso_user_regex'), $_SERVER['REMOTE_USER'], $user_match);
+			    $f_username = $user_match[1];
+			}
 			if ( isset( $_SERVER['PHP_AUTH_USER'] ) )
 				$f_username = $_SERVER['PHP_AUTH_USER'];
 			if ( isset( $_SERVER['PHP_AUTH_PW'] ) )