Hello, I am trying to deploy a simple test environment for the Jboss login module supporting SPNEGO authenthication (Jboss-negotiation.2.0.3.GA). I have installed Kerberos MIT 5 on a debian box and created the realm MYCOMPANY.NET, plus a user and a service principal for jboss.
The Jboss server is running on my winXP workstation which I log in using a local account. It is accessible at the URL: http://hostname.mycompany.net:15000/. The test security domain on the toolkit works well. I installed MIT kerberos on the same winXP workstation and I use it to get Kerberos Tickets. I configured firefox and change the following properties: - network.auth.use-sspi=false; - network.negotiate-auth.gsslib=C:\Program Files\MIT\Kerberos\bin\gssapi32.dll - network.negotiate-auth.trusted-uris=.mycompany.net With the configuration above, when I try the Basic negotiation servlet, it brings the KerberosMIT client in the front and prompt for a usersname and password for the realm MYCOMPANY.NET. But whatever the ticket i get back from kerberos, I get a HTTP 401... If I only change network.negotiate-auth.trusted-uris=.mycompany.net and leave everything else on the default value, I get the documented error page for the basic negociation. I don't understand why my browser does not trust the server... Any help appreciated! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210988#4210988 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210988 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
