I've set up NTLM stuff in FF - that's not a problem. It's the Kerberos stuff that I think is biting us. I'm looking at 'network.negotiate-auth.delegation-uris' for some help, among other things.
Kurt On Fri, Mar 19, 2010 at 18:04, Richard Stovall <[email protected]> wrote: > Regarding Firefox, you can allow it to do integrated auth with IIS if > you want to. Search for Firefox and NTLM. There are two about:config > entries to change, IIRC. One to turn it on, the second to enumerate > the trusted sites. The Firefox gurus prolly know a way to push this > out globally via GPO. (Or disable it, if that's preferred.) > > On Fri, Mar 19, 2010 at 8:15 PM, Kurt Buff <[email protected]> wrote: >> All, >> >> We've hired a new web guy (I am not a programmer/web developer), and >> while he's pretty good, it's all been plain web stuff for him before >> now - nothing like the AD stuff we're throwing at him. >> >> He's got nice web pages going with queries to AD, like phone lists and >> such, where roles and accountability aren't an issue, but we're also >> trying to get some pages up that are more workflow-ish, and require >> approvals by specific users. >> >> Does anyone have a set of resources on how to work through this kind >> of thing? We've got a few books, and I've helped him with a buncha >> googling, but if you can point me at some good docs, I'd appreciate >> it. >> >> If it matters, we're a Win2k3 shop, running at 2003 FFL/DFL. >> >> Also, I'm not up on all of the backend technicalities, so background >> material for this for me wouldn't hurt either >> >> One other thing we're working on is to add Firefox to the mix - any >> help there would be useful. >> >> >> Thanks, >> >> Kurt >> >> PS - here are some of the web resources I've looked at, and fed the >> web guy - I don't have the names of the books handy, as the web guy >> took them home for the weekend, but I know that Joe Kaplan is >> co-author on one of them: >> >> http://blogs.technet.com/askds/archive/2008/03/06/kerberos-for-the-busy-admin.aspx >> >> http://blogs.technet.com/askds/archive/2008/06/13/understanding-kerberos-double-hop.aspx >> >> http://blogs.technet.com/askds/archive/2008/11/25/fun-with-the-kerberos-delegation-web-site.aspx >> >> http://support.microsoft.com/kb/907273 >> >> http://grolmsnet.de/kerbtut/firefox.html >> >> https://developer.mozilla.org/en/Integrated_Authentication >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
