--- catalina/src/main/java/org/apache/catalina/authenticator/BasicAuthenticator.java (revision 5106) +++ catalina/src/main/java/org/apache/catalina/authenticator/BasicAuthenticator.java (working copy) @@ -21,9 +21,8 @@ import java.io.IOException; import java.security.Principal; - +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.deploy.LoginConfig; @@ -82,6 +81,8 @@ */ protected static final String info = "org.apache.catalina.authenticator.BasicAuthenticator/1.0"; + + protected static final String negotiate="org.apache.tomcat.config.NEGOTIATE" ; // ------------------------------------------------------------- Properties 
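Review bot: The added constant `negotiate` carries no comment, although it names a JVM-wide system property that switches the authentication scheme of this authenticator; the field above it, `info`, sits under a comment block. A matching Javadoc would help, e.g. `/** Name of the system property that enables the Negotiate challenge; anything other than "true" (case-insensitive) leaves BASIC only. */`. By Java convention a `static final` key would be spelled `NEGOTIATE_PROPERTY`. Since the later hunk reads the flag on every `authenticate` call, a per-authenticator attribute would presumably scope it better than a global property.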
@@ -113,13 +114,41 @@ * * @exception IOException if an input/output error occurs */ + public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException { - - // Have we already authenticated someone? - Principal principal = request.getUserPrincipal(); + HttpServletResponse httpResponse=response.getResponse(); + HttpServletRequest httpRequest=request.getRequest(); + String header=httpRequest.getHeader("Authorization"); + if(System.getProperty(negotiate, "false").equalsIgnoreCase("true")) + { + if(header == null) + { + httpResponse.setHeader("WWW-Authenticate", "Negotiate"); + httpResponse.setStatus(401); + return(false); + } + else + if(header!=null&&header.startsWith("Negotiate")) + { + Principal principal = request.getUserPrincipal(); + String username=header.substring(10); + String password=null; + principal = context.getRealm().authenticate(username, password); + if (principal != null) { + register(request, response, principal, Constants.BASIC_METHOD, + username, password); + return (true); + } + else + request.getCoyoteRequest().getMimeHeaders().removeHeader("authorization"); + } + } + + // Have we already authenticated someone? + Principal principal = request.getUserPrincipal(); String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); if (principal != null) { if (log.isDebugEnabled()) @@ -173,11 +202,10 @@ username = new String(buf, 0, colon); password = new String(buf, colon + 1, authorizationCC.getEnd() - colon - 1); - } + } authorizationBC.setOffset(authorizationBC.getOffset() - 6); } - principal = context.getRealm().authenticate(username, password); if (principal != null) { register(request, response, principal, Constants.BASIC_METHOD, @@ -186,7 +214,6 @@ } } - // Send an "unauthorized" response and an appropriate challenge MessageBytes authenticate = response.getCoyoteResponse().getMimeHeaders() 
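Review bot: The new `Negotiate` branch never validates the SPNEGO token: `header.substring(10)` goes to `context.getRealm().authenticate(username, password)` as the user name with `password` set to null, so the identity is whatever the client sent after the scheme, and the result depends entirely on how the configured realm treats a null credential. The token should be Base64-decoded and accepted through GSS-API (`org.ietf.jgss.GSSContext.acceptSecContext`), with the principal name taken from the established context before `register` is called; until that exists the branch should fail closed. Separately, `startsWith("Negotiate")` also matches a header that is exactly `Negotiate`, for which `substring(10)` throws `StringIndexOutOfBoundsException`; use `header.startsWith("Negotiate ") && header.length() > 10`. A successful login here is registered with `Constants.BASIC_METHOD`, so the auth type seen by applications and audit logs would presumably read BASIC for these sessions. The body of `authenticate` continues outside the hunk.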
@@ -205,8 +232,5 @@ response.sendError(HttpServletResponse.SC_UNAUTHORIZED); //response.flushBuffer(); return (false); - } - - }