Re: windows browsers send ntlm instead of kerberos tokens

2006-08-03 Thread Achim Grolms
On Thursday 03 August 2006 04:28, Daniel B. Bailey wrote: hello, i have a situation where SSO (Single Sign On) for Oracle Portal uses Kerberos tokens ( Windows Authentication) to sign on to an Oracle system. What Webbrowsers do you use? What KDC-Software do you use? What GSSAPI-implementation

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-30 Thread Julien ALLANOS
Quoting Markus [EMAIL PROTECTED]: Julien, as far as I am aware you can not use cnames. Normally the client/server uses a call to gss_import_name which canonicalises the hostname from the cname to the A record. If you capture the traffic on port 88 on the client you should see a TGS-REQ for

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-30 Thread Markus Moeller
Julien, I think creating a keytab with HTTP/[EMAIL PROTECTED] should be enough. Regards Markus Julien ALLANOS wrote: Quoting Markus [EMAIL PROTECTED]: Julien, as far as I am aware you can not use cnames. Normally the client/server uses a call to gss_import_name which canonicalises the

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-29 Thread Wyllys Ingersoll
By default, Firefox will only perform GSSAPI (negotiate-auth) authentication when the protocol is 'https://'. Check the network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris parameters (under about:config) and make sure that you allow http:// as well as https:// if

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-29 Thread Jeffrey Hutzelman
On Monday, August 29, 2005 10:28:35 -0400 Wyllys Ingersoll [EMAIL PROTECTED] wrote: By default, Firefox will only perform GSSAPI (negotiate-auth) authentication when the protocol is 'https://'. Check the network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-29 Thread Wyllys Ingersoll
Jeffrey Hutzelman wrote: By default, Firefox will only perform GSSAPI (negotiate-auth) authentication when the protocol is 'https://'. Check the network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris parameters (under about:config) and make sure that you allow http://

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-29 Thread Julien ALLANOS
Quoting Markus Moeller [EMAIL PROTECTED]: Also can you do a kinit -k -t keytab HTTP/server successfully ? Markus Julien ALLANOS [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Quoting Jeffrey Altman [EMAIL PROTECTED]: Julien ALLANOS wrote: Quoting Jeffrey Altman [EMAIL

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-27 Thread vadim
Probably silly question ... Have you enabled windows integrated authentication in IE? Is your http server in the trusted zone? best regards, vadim tarassov. On Fri, 2005-08-26 at 17:23 +0200, Julien ALLANOS wrote: Quoting Jeffrey Altman [EMAIL PROTECTED]: Julien ALLANOS wrote: Quoting

windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Julien ALLANOS
Hello, I'm experiencing a strange thing again. I have a Windows 2003 server with apache2 + mod_spnego + kfw-2.6.5. This is the only box on the domain. When I login as a simple user and type klist at the command prompt, I can't see I have no TGT. From what I've understood about KRB5, a TGT should

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Jeffrey Altman
Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos support. If you want them to have Kerberos credentials, Windows must obtain them for you when you login to Windows using an Active Directory account. Jeffrey Altman Julien ALLANOS wrote: Hello, I'm experiencing a strange

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Julien ALLANOS
Quoting Jeffrey Altman [EMAIL PROTECTED]: Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos support. If you want them to have Kerberos credentials, Windows must obtain them for you when you login to Windows using an Active Directory account. Jeffrey Altman OK, but how

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Jeffrey Altman
Julien ALLANOS wrote: Quoting Jeffrey Altman [EMAIL PROTECTED]: Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos support. If you want them to have Kerberos credentials, Windows must obtain them for you when you login to Windows using an Active Directory account.

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Julien ALLANOS
Quoting Jeffrey Altman [EMAIL PROTECTED]: Julien ALLANOS wrote: Quoting Jeffrey Altman [EMAIL PROTECTED]: Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos support. If you want them to have Kerberos credentials, Windows must obtain them for you when you login to Windows

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Markus Moeller
Have you created a HTTP/server principal and configured IE with integrated windows authentication and FF as follows ? select URL about:config in the filter write nego You should see two entries double click on them and add the domains for which you want to have SPNEGO e.g. test.com I hope

Re: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Markus Moeller
Also can you do a kinit -k -t keytab HTTP/server successfully ? Markus Julien ALLANOS [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Quoting Jeffrey Altman [EMAIL PROTECTED]: Julien ALLANOS wrote: Quoting Jeffrey Altman [EMAIL PROTECTED]: Neither Internet Explorer nor FireFox

Kerberos support in Firefox/Thunderbird (was Re: windows browsers send ntlm instead of kerberos tokens)

2005-08-26 Thread Simon Wilkinson
Jeffrey Altman wrote: Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos support. Just because this comment reminded me... As of this week, Firefox and Thunderbird nightly builds (and the eventual 1.5 release) support using either SSPI or KFW, according to the value of the

RE: windows browsers send ntlm instead of kerberos tokens

2005-08-26 Thread Jonathan Stephens
] -- This posting is provided AS IS with no warranties, and confers no rights. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Moeller Sent: Friday, August 26, 2005 1:26 PM To: kerberos@mit.edu Subject: Re: windows browsers send ntlm instead of kerberos