Jeffrey Hutzelman wrote:
By default, Firefox will only perform GSSAPI (negotiate-auth)
authentication
when the protocol is 'https://'.
Check the "network.negotiate-auth.delegation-uris" and
"network.negotiate-auth.trusted-uris" parameters (under "about:config")
and
make sure that you allow "http://"; as well as "https://"; if you are
accessing
non-SSL protected sites.
network.negotiate-auth.delegation-uris = "https://,http://";
network.negotiate-auth.trusted-uris = "https://,http://";
Aaaa! No! Don't do this unless you _absolutely_ need this ability.
Running HTTP negotiate over a plaintext connection is _not secure_.
It provides no integrity protection and is subject to a relatively
easy man-in-the-middle attack.
I totally agree with Jeff, that is why SSL is the default setting for
Firefox. I was just pointing
out one possible reason why the test was not working for the original
poster.
-Wyllys
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
