During authentication, we have users using IE6 (company policy) that, after the http 401, are getting an http 413, because they have the Authorization: Negotiate attribute in the http header at over 3k characters. Mine is just over 2K. There seems to be a limit around 4K (total request header size), and thus the http 413.
Does anyone know how the Authorization: Negotiate attribute is built by IE, and what controls its size?