Quoting Jeffrey Altman <[EMAIL PROTECTED]>:
Julien ALLANOS wrote:
Quoting Jeffrey Altman <[EMAIL PROTECTED]>:
Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos
support. If you want them to have Kerberos credentials, Windows must
obtain them for you when you login to Windows using an Active Directory
account.
Jeffrey Altman
OK, but how can I be certain that Windows did really obtain the Kerberos
credentials at login, that FF or IE might be able to use after?
Since you have MIT KFW installed you can list the contents of the
MSLSA ccache with
klist -c MSLSA:
Otherwise, you can install one of the Microsoft tools such as
kerbtray.exe that are available from the Microsoft download web site.
Thanks.
Both klist -c MSLSA: and kerbtray tell me that the following tickets are given
to me at login (verified by purging, logout and login again):
* krbtgt/[EMAIL PROTECTED]
* ldap/host.my.domain.tld/[EMAIL PROTECTED]
* host/[EMAIL PROTECTED]
However, IE or FF are still sending NTLM tickets. Any clue?
--
Julien ALLANOS
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
