[27759] in Kerberos
Firefox vs IE Cross Realm Kerberos SSO Authentication
daemon@ATHENA.MIT.EDU (Michael B Allen)
Thu May 10 15:10:26 2007
Date: Thu, 10 May 2007 15:10:09 -0400
From: Michael B Allen <mba2000@ioplex.com>
To: Kerberos <Kerberos@mit.edu>
Message-Id: <20070510151009.5a24cbc2.mba2000@ioplex.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello List,
I have found an inconsistency between IE and Firefox with respect to
Keberos cross realm authentication.
I have two Windows domains W.NET and B.W.NET. If I setup SSO on a Linux
web server lws.b.w.net and create the HTTP service account in the B.W.NET
realm all works fine with both FF and IE.
However, if I create the HTTP service in the parent domain W.NET, IE
can sucessfully perform SSO whereas FF cannot.
>From looking at a capture of the failure I see the following:
C: KRB5 TGS-REQ for HTTP/lws.b.w.net
S: KRB5 TGS-REP with krbtgt/W.NET
C: DNS SRV query for _kerberos-master._udp.B.W.NET
S: DNS No such name
Can anyone explain this behavior and tell me if it is consistent with
what is supposed to happen?
Mike
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
