Using kerberos ticket on web browsers
Diego Lima
diego-lima at prodesan.com.br
Tue Dec 5 14:32:06 EST 2006
Hello again,
We don't have any windows AD server on the network (actually, we have no
Windows servers, AD or not). Currently we get our tickets from a Debian
server configured with a Samba+OpenLDAP+MIT Kerberos. While windows doesn't
get a ticket at logon, we use a combination of MIT for Windows and a custom
GINA to acquire the tickets from our Kerberos KDC.
These tickets are stored in two places: a file on a network share and the
MIT API krb5cc; We have no tickets in the LSA, which (I believe) is where IE
and Firefox are trying to get the tickets from, and we need to point them
towards either ticket location (file or API).
Thank you,
--
Diego Alencar Alves de Lima
DINF - Prodesan (http://www.prodesan.com.br)
Prefeitura Municipal de Santos (http://www.santos.sp.gov.br)
On Tue, 5 Dec 2006 11:33:56 -0600, Julio Cesar Parra/Mexico/IBM wrote
> Hi maybe these steps can help you with you problem.
>
> If you are logging into an win AD server that is not on the same
> domain as the webserver, you must do the following on the client
> PC's Broswer to trust that site (so it sends kerb ticket)
>
> 1.In Internet Explorer, click Tools, and then click Internet Options.
>
> 2.Click the Security tab, then click Local intranet, then click
> Sites, and then click Advanced.
>
> 3.In the Add this Web site to the zone: text box, type the name of
> the website you want to authenticate to with Kerberos authentication,
> and then click Add.
>
> 4.Click OK.
>
> Regards.
>
> * Carpe diem
> Julio Cesar Parra Uribe E-mail: jcparra at mx1.ibm.com
> T/L 877-2535 Ext phone: (5233)3669-7000 Ext. 2535
> Project Manager
> SY-KRB-CP-EZ-HFS-BATS-RC-MN-REXX
> TRCTCPAPP-ISQL-QRY400 Guad Team.
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
More information about the Kerberos
mailing list