Check - OK, it hasnt expired yet this morning....
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Adam Young [ayo...@redhat.com]
Sent: Thursday, 24 November 2011 4:59 p.m.
To: Steven Jones
Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket
So let me get this straight: A system that works fine one day does not work
You have a Kerberos TIcket, it expires. The webUI doesn't work. You then do
a kinit and reload the browser, and it does not work. THen you go through
the initialization steps, including configuring the browser, and then the
webUI does work?
I can't see how that is possible. All that the browser config does is sets a
couple of values in the properties that allows the browser forward the Kerberos
TGT to the FreeIPA site. Are those values are somehow getting unset? There is
something else going on.
THe next time, before you re-init the tgt or anything, go through the steps
and check the values for network.negotiate-auth.trusted-uris and
Freeipa-users mailing list