Using kerberos ticket on web browsers

Julio Cesar Parra/Mexico/IBM jcparra at mx1.ibm.com
Tue Dec 5 12:33:56 EST 2006


Hi maybe these steps can help you with you problem.

If you are logging into an win AD server that is not on the same domain as 
the webserver, you must do the following on the client PC's Broswer to 
trust that site (so it sends kerb ticket)

1.In Internet Explorer, click Tools, and then click Internet Options.

2.Click the Security tab, then click Local intranet, then click Sites, and 
then click Advanced.

3.In the Add this Web site to the zone: text box, type the name of the 
website you want to authenticate to with Kerberos authentication, and then 
click Add.

4.Click OK. 

Regards.

*  Carpe diem
Julio Cesar Parra Uribe   E-mail: jcparra at mx1.ibm.com 
T/L   877-2535 Ext phone:  (5233)3669-7000  Ext.  2535 
Project Manager
SY-KRB-CP-EZ-HFS-BATS-RC-MN-REXX
TRCTCPAPP-ISQL-QRY400 Guad Team.



"Diego Lima" <diego-lima at prodesan.com.br> 
Sent by: kerberos-bounces at mit.edu
05/12/2006 06:35

To
"Kerberos Mail List" <kerberos at mit.edu>
cc

Subject
Using kerberos ticket on web browsers






I am curretly setting up a SSO environment using a Debian server as PDC
(Samba+OpenLdap+Kerberos) and windows workstations (mostly windows XP).
Everything is working fine so far except I can't use the kerberos ticket I 
get
at logon on any windows internet browser.

Curretly the ticket is cached both at krb5cc_username api and a file at 
the
hard disk. I know both IE and Firefox support kerberos authentication to
websites (server is an apache2 with kerberos authentication that is 
already
working fine with linux clients), but they don't seem to understand that 
the
ticket isn't on windows LSA API.

Is there any way to set up either IE or Firefox and tell them where the 
ticket
they should use is located? Or is there any way to place the kerberos 
ticket
on windows LSA API?

Thank you,

--
Diego Alencar Alves de Lima
DINF - Prodesan (http://www.prodesan.com.br)
Prefeitura Municipal de Santos (http://www.santos.sp.gov.br)


-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list