Firefox is running on the same windows install as IE? On windows Firefox uses Windows's Kerberos by default so if it is set up correctly it should act the same as IE.
Set up Firefox like this. network.negotiate-auth.trusted-uris=example.com network.negotiate-auth.delegation-uris=example.com network.automatic-ntlm-auth.trusted-uris=example.com or this network.negotiate-auth.trusted-uris=xxx.example.com, yyy.example.com network.negotiate-auth.delegation-uris=xxx.example.com, yyy.example.com network.automatic-ntlm-auth.trusted-uris=xxx.example.com, yyy.example.com (You could limit your URLS to just https https://example.com depending on your use case). -Christopher -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Elia Pinto Sent: Wednesday, October 19, 2011 9:38 AM To: [email protected] Subject: SPNEGO auth with service principal in other realm work with IE and not with Firefox Hi to all I have an authentication infrastructure with Windows 2003 AD (realm XXX.EXAMPLE.COM) and clients with windows XPSP3 (XXX.EXAMPLE.COM dns domain). I have a web server web1.YYY.EXAMPLE.COM (YYY.EXAMPLE.COM is also an AD domain in the same forest with a cross trust kerberos auth with XXX.EXAMPLE.COM) . It 'was created on the KDC of XXX.EXAMPLE.COM the HTTP/web1.YYY.EXAMPLE.COM @ XXX.EXAMPLE.COM server principal and it was correctly configured the web server for doing SPNEGO HTTP authentication. Now this works transparently from the clients with IE and not firefox. I have successfully configured firefox in about: config but although the web server requires the authentication type Negotiate firefox does nothing. The question is, but this configuration is supposed to work by Kerberos, I thought not, but I can not explain why it to work in IE if this is true. I have searched but no avail. Thanks in advance for your help ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
