Firefox vs IE Cross Realm Kerberos SSO Authentication
Michael B Allen
mba2000 at ioplex.com
Thu May 10 15:10:09 EDT 2007
Hello List,
I have found an inconsistency between IE and Firefox with respect to
Keberos cross realm authentication.
I have two Windows domains W.NET and B.W.NET. If I setup SSO on a Linux
web server lws.b.w.net and create the HTTP service account in the B.W.NET
realm all works fine with both FF and IE.
However, if I create the HTTP service in the parent domain W.NET, IE
can sucessfully perform SSO whereas FF cannot.
>From looking at a capture of the failure I see the following:
C: KRB5 TGS-REQ for HTTP/lws.b.w.net
S: KRB5 TGS-REP with krbtgt/W.NET
C: DNS SRV query for _kerberos-master._udp.B.W.NET
S: DNS No such name
Can anyone explain this behavior and tell me if it is consistent with
what is supposed to happen?
Mike
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list