[27110] in Kerberos
RE: Using kerberos ticket on web browsers
daemon@ATHENA.MIT.EDU (Tim Alsop)
Thu Dec 7 11:54:59 2006
Date: Thu, 7 Dec 2006 16:53:42 -0000
MIME-Version: 1.0
Message-ID: <0D8F2EFD3A10E24DAEEA48EA6DA07D302996C8@postman-pat.csafe.local>
In-Reply-To: <20061207160439.M9262@prodesan.com.br>
From: "Tim Alsop" <Tim.Alsop@CyberSafe.Com>
To: "Diego Lima" <diego-lima@prodesan.com.br>,
"Michael B Allen" <mba2000@ioplex.com>,
"Kerberos Mail List" <kerberos@mit.edu>,
"Achim Grolms" <kerberosml@grolmsnet.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Diego,
There must be something wrong in my setup (obviously), but I'm sure it
isn't
on the server side, since Linux clients are able to authenticate
properly.
I've come to the conclusion that firefox is using NTLM by sniffing
network
packets (I can send them if anyone is interested, but I don't think its
relevant).
Regarding the above - the browser will try and authenticate to server
using NTLM if it is unable to get the kerberos ticket, so I suggest you
check that the client is able to get the ticket from KDC. As I mentioned
in my last message, if you are accessing a web page with URL
http://server.domain.com then firefox will try to request a service
ticket with principal name HTTP/server.domain.com@<REALM>. Is there any
traffic between client and KDC when you try to authenticate ? Perhaps
KDC is returning an error ?
Thanks,
Tim
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
