Diego, It is not possible to configure IE to use anything other than LSA for getting credentials, however Firefox can be configure to use a GSS-API library, so you can configure Firefox to use the MIT gss dll and then it can access credentials obtained by your GINA.
To find out how to configure Firefox, look in help or let me know if you get stuck. Thanks, Tim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diego Lima Sent: 05 December 2006 19:32 To: Julio Cesar Parra/Mexico/IBM; Kerberos Mail List Subject: Re: Using kerberos ticket on web browsers Hello again, We don't have any windows AD server on the network (actually, we have no Windows servers, AD or not). Currently we get our tickets from a Debian server configured with a Samba+OpenLDAP+MIT Kerberos. While windows doesn't get a ticket at logon, we use a combination of MIT for Windows and a custom GINA to acquire the tickets from our Kerberos KDC. These tickets are stored in two places: a file on a network share and the MIT API krb5cc; We have no tickets in the LSA, which (I believe) is where IE and Firefox are trying to get the tickets from, and we need to point them towards either ticket location (file or API). Thank you, -- Diego Alencar Alves de Lima DINF - Prodesan (http://www.prodesan.com.br) Prefeitura Municipal de Santos (http://www.santos.sp.gov.br) On Tue, 5 Dec 2006 11:33:56 -0600, Julio Cesar Parra/Mexico/IBM wrote > Hi maybe these steps can help you with you problem. > > If you are logging into an win AD server that is not on the same > domain as the webserver, you must do the following on the client > PC's Broswer to trust that site (so it sends kerb ticket) > > 1.In Internet Explorer, click Tools, and then click Internet Options. > > 2.Click the Security tab, then click Local intranet, then click > Sites, and then click Advanced. > > 3.In the Add this Web site to the zone: text box, type the name of > the website you want to authenticate to with Kerberos authentication, > and then click Add. > > 4.Click OK. > > Regards. > > * Carpe diem > Julio Cesar Parra Uribe E-mail: [EMAIL PROTECTED] > T/L 877-2535 Ext phone: (5233)3669-7000 Ext. 2535 > Project Manager > SY-KRB-CP-EZ-HFS-BATS-RC-MN-REXX > TRCTCPAPP-ISQL-QRY400 Guad Team. -- Esta mensagem foi verificada pelo sistema de antivĂrus e acredita-se estar livre de perigo. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
