Check - OK, it hasnt expired yet this morning....


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: Adam Young []
Sent: Thursday, 24 November 2011 4:59 p.m.
To: Steven Jones
Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket

So let me get this straight:  A system that works fine one day does not work 
the next.

You have  a Kerberos TIcket,  it expires.  The webUI doesn't work.  You then do 
a kinit and reload the browser,  and it does not work.  THen you  go through 
the initialization steps, including configuring the browser,  and then the 
webUI does work?

I can't see how that is possible.  All that the browser config does is sets a 
couple of values in the properties that allows the browser forward the Kerberos 
TGT to the FreeIPA site.  Are those values are somehow getting unset? There is 
something else going on.

THe next time,  before you re-init the tgt or anything,  go through the steps 

and check the values for network.negotiate-auth.trusted-uris and 

Freeipa-users mailing list

Reply via email to