Using kerberos ticket on web browsers

Douglas E. Engert deengert at anl.gov
Tue Dec 5 14:52:33 EST 2006


Google for "mit2ms"


Diego Lima wrote:
> Hello again,
> 
> We don't have any windows AD server on the network (actually, we have no 
> Windows servers, AD or not). Currently we get our tickets from a Debian 
> server configured with a Samba+OpenLDAP+MIT Kerberos. While windows doesn't 
> get a ticket at logon, we use a combination of MIT for Windows and a custom 
> GINA to acquire the tickets from our Kerberos KDC.
> 
> These tickets are stored in two places: a file on a network share and the 
> MIT API krb5cc; We have no tickets in the LSA, which (I believe) is where IE 
> and Firefox are trying to get the tickets from, and we need to point them 
> towards either ticket location (file or API).
> 
> Thank you,
> 
> --
> Diego Alencar Alves de Lima
> DINF - Prodesan (http://www.prodesan.com.br)
> Prefeitura Municipal de Santos (http://www.santos.sp.gov.br)
> 
> 
> On Tue, 5 Dec 2006 11:33:56 -0600, Julio Cesar Parra/Mexico/IBM wrote
> 
>>Hi maybe these steps can help you with you problem.
>>
>>If you are logging into an win AD server that is not on the same 
>>domain as the webserver, you must do the following on the client 
>>PC's Broswer to trust that site (so it sends kerb ticket)
>>
>>1.In Internet Explorer, click Tools, and then click Internet Options.
>>
>>2.Click the Security tab, then click Local intranet, then click 
>>Sites, and then click Advanced.
>>
>>3.In the Add this Web site to the zone: text box, type the name of 
>>the website you want to authenticate to with Kerberos authentication,
>> and then click Add.
>>
>>4.Click OK.
>>
>>Regards.
>>
>>*  Carpe diem
>>Julio Cesar Parra Uribe   E-mail: jcparra at mx1.ibm.com 
>>T/L   877-2535 Ext phone:  (5233)3669-7000  Ext.  2535 
>>Project Manager
>>SY-KRB-CP-EZ-HFS-BATS-RC-MN-REXX
>>TRCTCPAPP-ISQL-QRY400 Guad Team.
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list