Using kerberos ticket on web browsers

Tim Alsop Tim.Alsop at CyberSafe.Com
Thu Dec 7 11:53:42 EST 2006


Diego,

There must be something wrong in my setup (obviously), but I'm sure it
isn't on the server side, since Linux clients are able to authenticate
properly. I've come to the conclusion that Firefox is using NTLM by
sniffing network packets (I can send them if anyone is interested, but
I don't think it's relevant).

Regarding the above - the browser will try to authenticate to the server
using NTLM if it is unable to get the Kerberos ticket, so I suggest you
check that the client is able to get the ticket from the KDC. As I
mentioned in my last message, if you are accessing a web page with URL
http://server.domain.com then Firefox will try to request a service
ticket with principal name HTTP/server.domain.com@<REALM>. Is there any
traffic between client and KDC when you try to authenticate? Perhaps
the KDC is returning an error?

Thanks,
Tim
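
Added example, not part of the original message: a Python check that classifies a captured `Authorization` header as Kerberos or NTLM from its token, and builds the service principal name in the form the message gives. The function names, the sample tokens (constructed, not captured traffic) and the `EXAMPLE.COM` realm are assumptions.

```python
import base64
from urllib.parse import urlsplit

# DER-encoded mechanism OIDs as they appear inside GSS-API / SPNEGO tokens.
SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2 (legacy)
NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5: "kerberos", MS_KRB5: "kerberos", NTLMSSP: "ntlm"}

def classify_authorization(header_value):
    """Return 'kerberos', 'ntlm' or 'unknown' for an Authorization header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() == "ntlm":
        return "ntlm"
    if scheme.lower() != "negotiate":
        return "unknown"
    try:
        blob = base64.b64decode(token.strip(), validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return "unknown"
    if blob.startswith(b"NTLMSSP\x00"):     # raw NTLM message sent under "Negotiate"
        return "ntlm"
    if not blob.startswith(b"\x60"):        # not a GSS-API InitialContextToken
        return "unknown"
    # The first mechanism OID found is the token's own mech, or the preferred
    # entry of the SPNEGO mechTypes list, which precedes the mechToken.
    hits = [(blob.find(oid), name) for oid, name in MECHS.items() if oid in blob]
    return min(hits)[1] if hits else "unknown"

def expected_spn(url, realm):
    """Service principal for url in the form the message gives: HTTP/<host>@<REALM>."""
    return f"HTTP/{urlsplit(url).hostname}@{realm}"

def der(tag, body):
    """Minimal DER TLV encoder for the constructed samples (bodies under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def sample_headers():
    """Constructed header values: SPNEGO preferring Kerberos, and a raw NTLM type 1."""
    mech_list = der(0x30, MS_KRB5 + KRB5 + NTLMSSP)
    spnego = der(0x60, SPNEGO + der(0xA0, der(0x30, der(0xA0, mech_list))))
    ntlm_type1 = b"NTLMSSP\x00" + (1).to_bytes(4, "little") + bytes(4)
    enc = lambda b: base64.b64encode(b).decode()
    return {"spnego": "Negotiate " + enc(spnego), "raw_ntlm": "Negotiate " + enc(ntlm_type1)}

if __name__ == "__main__":
    for name, value in sample_headers().items():
        print(name, "->", classify_authorization(value))
    print(expected_spn("http://server.domain.com", "EXAMPLE.COM"))
```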



