Yes. Check - OK, it hasnt expired yet this morning....
regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Adam Young [ayo...@redhat.com] Sent: Thursday, 24 November 2011 4:59 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket So let me get this straight: A system that works fine one day does not work the next. You have a Kerberos TIcket, it expires. The webUI doesn't work. You then do a kinit and reload the browser, and it does not work. THen you go through the initialization steps, including configuring the browser, and then the webUI does work? I can't see how that is possible. All that the browser config does is sets a couple of values in the properties that allows the browser forward the Kerberos TGT to the FreeIPA site. Are those values are somehow getting unset? There is something else going on. THe next time, before you re-init the tgt or anything, go through the steps here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sso-config-firefox.html and check the values for network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users