problem obtaining tickets on a webserver
Russ Allbery
rra at stanford.edu
Sun Feb 4 05:11:43 EST 2007
dk <dk at kadenpartner.ch> writes:
> If on server 1 the KrbMethodK5Passwd is set to off, the authentication
> on server 1 works too, but server 1 does not save a ticket.
You have to *explicitly* enable ticket delegation in Firefox (and IE, and
hopefully any other browser that does Negotiate-Auth) because handing out
your Kerberos tickets to just anyone is a huge security vulnerability.
See:
<http://www.mozilla.org/projects/netlib/integrated-auth.html>
For Firefox, you have to set network.negotiate-auth.delegation-uris.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list