By default, Firefox will only perform GSSAPI (negotiate-auth) authentication
when the protocol is 'https://'.
Check the "network.negotiate-auth.delegation-uris" and
"network.negotiate-auth.trusted-uris" parameters (under "about:config") and
make sure that you allow "http://"; as well as "https://"; if you are
accessing
non-SSL protected sites.
network.negotiate-auth.delegation-uris = "https://,http://";
network.negotiate-auth.trusted-uris = "https://,http://";
-Wyllys
Julien ALLANOS wrote:
Quoting Jeffrey Altman <[EMAIL PROTECTED]>:
Julien ALLANOS wrote:
Quoting Jeffrey Altman <[EMAIL PROTECTED]>:
Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos
support. If you want them to have Kerberos credentials, Windows must
obtain them for you when you login to Windows using an Active
Directory
account.
Jeffrey Altman
OK, but how can I be certain that Windows did really obtain the
Kerberos
credentials at login, that FF or IE might be able to use after?
Since you have MIT KFW installed you can list the contents of the
MSLSA ccache with
klist -c MSLSA:
Otherwise, you can install one of the Microsoft tools such as
kerbtray.exe that are available from the Microsoft download web site.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
