On Thu, 16 Jan 2014, Morgan Patou wrote: > From a Unix client, I can execute a Klist command to see that I have a > valid ticket (expires in 10h). So the next step is to access to the > kerberized application with a web browser. In Mozilla Firefox, I've set > the following configuration: > > * network.negotiate-auth.delegation-uris user set string .REALM.COM > * network.negotiate-auth.trusted-uris user set string .REALM.COM > * network.negotiate-auth.using-native-gsslib user set boolean false
When doing negotiate auth in firefox on windows using MIT kerberos, I've always had to set network.auth.use-sspi=false to get firefox to use the gssapi library from MIT kerberos. Other things to pay attention to are whether firefox is 32- or 64-bit (I expect it's 32-bit) and that the version of MIT Kerberos installed provides the appropriate bittedness gssapi library. (This is only an issue with KfW 3.x and older; KfW 4.x installs both libraries on 64-bit machines.) -Ben Kaduk ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
