[27100] in Kerberos
Re: Using kerberos ticket on web browsers
daemon@ATHENA.MIT.EDU (Achim Grolms)
Wed Dec 6 11:49:33 2006
From: Achim Grolms <kerberosml@grolmsnet.de>
To: "Diego Lima" <diego-lima@prodesan.com.br>
Date: Wed, 6 Dec 2006 17:49:05 +0100
In-Reply-To: <20061206162856.M43940@prodesan.com.br>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200612061749.07451.kerberosml@grolmsnet.de>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wednesday 06 December 2006 17:33, Diego Lima wrote:
> [Mon Nov 06 14:16:11 2006] [error] [client 192.168.130.224]
> gss_accept_sec_context() failed: A token was invalid (Token header is
> malformed or corrupt)
Client sends NTLM instead of Kerberos5.
> I have also taken a look and noticed that both IE and Firefox try to
> authenticate using the very same packets, so I'm wondering if my firefox is
> using MIT's gsslib at all.
Firefox can be configured to use Windows builtin "GSSAPI"
(the correct name is "SSPI") or a third party GSSAPI implementation
like KfW. use about:config
dialog to choose the implementation you want to use.
Achim
--
using mod_auth_kerb and Windows 2000/2003 as KDC:
<http://www.grolmsnet.de/kerbtut/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
