Am 2012-09-16 12:25, schrieb Michael-O: > Am 2012-09-15 21:19, schrieb Benjamin Kaduk: >> On Sat, 15 Sep 2012, [email protected] wrote: >> >>>> Hi, >>>> >>>> >>>> I have a Kerberos-based SSO system. The Kerberos realm is >>>> "CORP.EXAMPLE.COM". Every service has its own domain name, such as >>>> "imap.corp.example.com", "wiki.corp.example.com" and so on. >>>> >>>> Now I can login these services on Debian sid. But it always fails on >>>> Windows XP. >>>> >>>> I've configured Firefox by setting the following preferences: >>>> >>>> network.negotiate-auth.trusted-uris = corp.example.com >>>> network.negotiate-auth.using-native-gsslib = true >>>> network.auth.use-sspi = false >>> >>> Why did you disable SSPI? This works quite well with Unix-based servers. >> >> Off the top of my head (and my memory may be incorrect), the windows >> SSPI libraries only access credentials in the windows LSA credentials >> store, which is not populated by stock KfW 3.2. > > I am aware of that. I just wanted to know why he uses KfW at all and not > SSPI. KfW is able to access the LSA cache too but this because much more > of a problem in Windows 7.
Typo, this should read: KfW is able to access the LSA cache too but this became much more of a problem in Windows 7. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
