[27089] in Kerberos
Re: Using kerberos ticket on web browsers
daemon@ATHENA.MIT.EDU (Julio Cesar Parra/Mexico/IBM)
Tue Dec 5 12:34:29 2006
In-Reply-To: <20061205122845.M81140@prodesan.com.br>
To: "Diego Lima" <diego-lima@prodesan.com.br>
MIME-Version: 1.0
From: Julio Cesar Parra/Mexico/IBM <jcparra@mx1.ibm.com>
Message-ID: <OF2D98825F.F3657D47-ON8625723B.005EE12C-8625723B.00608011@mx1.ibm.com>
Date: Tue, 5 Dec 2006 11:33:56 -0600
Cc: kerberos-bounces@mit.edu, Kerberos Mail List <kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi maybe these steps can help you with you problem.
If you are logging into an win AD server that is not on the same domain as
the webserver, you must do the following on the client PC's Broswer to
trust that site (so it sends kerb ticket)
1.In Internet Explorer, click Tools, and then click Internet Options.
2.Click the Security tab, then click Local intranet, then click Sites, and
then click Advanced.
3.In the Add this Web site to the zone: text box, type the name of the
website you want to authenticate to with Kerberos authentication, and then
click Add.
4.Click OK.
Regards.
* Carpe diem
Julio Cesar Parra Uribe E-mail: jcparra@mx1.ibm.com
T/L 877-2535 Ext phone: (5233)3669-7000 Ext. 2535
Project Manager
SY-KRB-CP-EZ-HFS-BATS-RC-MN-REXX
TRCTCPAPP-ISQL-QRY400 Guad Team.
"Diego Lima" <diego-lima@prodesan.com.br>
Sent by: kerberos-bounces@mit.edu
05/12/2006 06:35
To
"Kerberos Mail List" <kerberos@mit.edu>
cc
Subject
Using kerberos ticket on web browsers
I am curretly setting up a SSO environment using a Debian server as PDC
(Samba+OpenLdap+Kerberos) and windows workstations (mostly windows XP).
Everything is working fine so far except I can't use the kerberos ticket I
get
at logon on any windows internet browser.
Curretly the ticket is cached both at krb5cc_username api and a file at
the
hard disk. I know both IE and Firefox support kerberos authentication to
websites (server is an apache2 with kerberos authentication that is
already
working fine with linux clients), but they don't seem to understand that
the
ticket isn't on windows LSA API.
Is there any way to set up either IE or Firefox and tell them where the
ticket
they should use is located? Or is there any way to place the kerberos
ticket
on windows LSA API?
Thank you,
--
Diego Alencar Alves de Lima
DINF - Prodesan (http://www.prodesan.com.br)
Prefeitura Municipal de Santos (http://www.santos.sp.gov.br)
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
