Mantas Mikulėnas <[email protected]> writes: > On Sun, Sep 16, 2012 at 1:25 PM, Michael-O <[email protected]> wrote: >> Am 2012-09-15 21:19, schrieb Benjamin Kaduk: >>> On Sat, 15 Sep 2012, [email protected] wrote: >>> >>>>> Hi, >>>>> >>>>> >>>>> I have a Kerberos-based SSO system. The Kerberos realm is >>>>> "CORP.EXAMPLE.COM". Every service has its own domain name, such as >>>>> "imap.corp.example.com", "wiki.corp.example.com" and so on. >>>>> >>>>> Now I can login these services on Debian sid. But it always fails on >>>>> Windows XP. >>>>> >>>>> I've configured Firefox by setting the following preferences: >>>>> >>>>> network.negotiate-auth.trusted-uris = corp.example.com >>>>> network.negotiate-auth.using-native-gsslib = true >>>>> network.auth.use-sspi = false >>>> >>>> Why did you disable SSPI? This works quite well with Unix-based servers. >>> >>> Off the top of my head (and my memory may be incorrect), the windows >>> SSPI libraries only access credentials in the windows LSA credentials >>> store, which is not populated by stock KfW 3.2. >> >> I am aware of that. I just wanted to know why he uses KfW at all and not >> SSPI. > > If this is a simple Kerberos realm (not Active Directory), configuring > LSA to obtain Kerberos credentials is much more troublesome than > setting up KfW.
Yes, the Kerberos server is installed on Debian wheezy. I want to deploy a platform-independent and open-source SSO system. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
