Using kerberos ticket on web browsers
Achim Grolms
kerberosml at grolmsnet.de
Wed Dec 6 12:49:53 EST 2006
On Wednesday 06 December 2006 18:29, Diego Lima wrote:
> network.auth.use-sspi true
If true, this means Firefox uses the Win32 API (called SSPI).
Set this to false to use a 3rd party GSSAPI.
(automatically switches network.negotiate-auth.using-native-gsslib
to 'true', this works like a flip-flop)
> network.negotiate-auth.gsslib [path to
> KfW]\lib\i386\gssapi32.lib
Never used this, blank in my setup.
>> network.negotiate-auth.trusted-uris
> http://, https://
In my setup I put the local domains I am using
for GSSAPI-based authentication into it.
As far as I know, Kerberos5 always needs properly configured
hostnames (FQDNs in principals and keytabs), so putting in
your local DNS domain(s) will be no problem, right?
BTW: does the kvno test work?
I am using it to detect if the underlying GSSAPI works
in general.
> network.negotiate-auth.using-native-gsslib false
Switch this to "true" to make KfW work.
> As far as I understood (I'm probably wrong at some point)
> negotiate-auth.gsslib should be telling which SSPI firefox should use,
> right? Do I need to change anything else?
This is blank in my setup.
Achim
--
using mod_auth_kerb and Windows 2000/2003 as KDC:
<http://www.grolmsnet.de/kerbtut/>
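
Added example, not part of the original post: a small Node.js check that reads Firefox pref lines and flags `network.negotiate-auth.trusted-uris` entries broader than the local domains recommended above. It assumes a scheme-only entry such as `https://` matches every host of that scheme; the sample prefs and the function names are constructed for illustration.

```javascript
// Added example: audit Firefox prefs for over-broad Negotiate trust.
const PREF = "network.negotiate-auth.trusted-uris";

// Constructed sample input (the quoted setting from the thread, as user.js lines).
const SAMPLE = [
  'user_pref("network.auth.use-sspi", false);',
  'user_pref("network.negotiate-auth.trusted-uris", "http://, https://");',
].join("\n");

// Parse user_pref("name", value); lines from prefs.js / user.js text.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;/gm;
  let m;
  while ((m = re.exec(text)) !== null) {
    // Values are strings, booleans or integers; keep raw text if parsing fails.
    try { prefs[m[1]] = JSON.parse(m[2]); } catch { prefs[m[1]] = m[2]; }
  }
  return prefs;
}

// Return one finding per risky entry in the comma-separated trusted-uris list.
function auditTrustedUris(value) {
  const findings = [];
  const entries = String(value || "").split(",").map((s) => s.trim()).filter(Boolean);
  for (const entry of entries) {
    const m = /^([a-z][a-z0-9+.-]*):\/\/(.*)$/i.exec(entry);
    const scheme = m ? m[1].toLowerCase() : null;
    if (m && m[2] === "") {
      // Assumption: a bare scheme matches every host reached over that scheme.
      findings.push({ entry, issue: `scheme-only: trusts every ${scheme} site` });
    } else if (scheme === "http") {
      findings.push({ entry, issue: "http entry: Negotiate exchange not protected by TLS" });
    }
  }
  return findings;
}

// Audit a whole prefs file; a missing pref yields no findings.
function auditPrefs(text) {
  return auditTrustedUris(parsePrefs(text)[PREF]);
}

console.log(auditPrefs(SAMPLE));
```

An empty result means every entry names a host or domain and none uses plain `http://`.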