I'm testing with firefox now and have set the
network.negotiate-auth.trusted-uris but the FreeIPA web interface says my
"kerberos ticket is no longer valid" even though the MIT KFW has a current,
valid, ticket. I only see that as a configuration setting for Firefox for
this funtionality. Anything else I'm missing?
On Fri, Sep 23, 2011 at 3:31 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Jimmy wrote:
>> I have been using the interface from a Linux client on Firefox just
>> fine, but now I need to configure a windows client to access the web
>> interface. I have the win7 client logged in using a FreeIPA user,
>> authenticated against the realm, and when I browse to the web page I
>> still get another log in box but no matter what I do not get access, or
>> the browser cannot access the ticket the system has. I enabled the
>> "Enable Integrated Windows Authentication" option in IE. After that
>> wasn't working I even installed the MIT KFW to make sure I was really
>> getting a ticket(not really expecting that it would fix the problem.)
>> I am searching for this fix actively, but figured I'd ask here in case
>> someone had the answer at hand.
> Firefox in Windows will work with the MIT client but not IE. For IE to work
> you need to enable fake basic auth fallback,
> http://freeipa.org/page/UIPasswordAuth . This isn't really ideal but the
> only workaround we know of.
Freeipa-users mailing list