Diego, There must be something wrong in my setup (obviously), but I'm sure it isn't on the server side, since Linux clients are able to authenticate properly. I've come to the conclusion that firefox is using NTLM by sniffing network packets (I can send them if anyone is interested, but I don't think its relevant).
Regarding the above - the browser will try and authenticate to server using NTLM if it is unable to get the kerberos ticket, so I suggest you check that the client is able to get the ticket from KDC. As I mentioned in my last message, if you are accessing a web page with URL http://server.domain.com then firefox will try to request a service ticket with principal name HTTP/server.domain.com@<REALM>. Is there any traffic between client and KDC when you try to authenticate ? Perhaps KDC is returning an error ? Thanks, Tim ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
