The basic idea is a bit different this time, because unlike relying on
an external tool like ntlm_auth the user has to provide in a
correctly configured way, for Kerberos and Negotiate we should be able to
provide this builtin, so it's more likely to work out of the box.