SPNEGO auth with service principal in other realm work with IE and not with Firefox
Elia Pinto
gitter.spiros at gmail.com
Wed Oct 19 11:37:43 EDT 2011
Hi to all
I have an authentication infrastructure with Windows 2003 AD (realm
XXX.EXAMPLE.COM) and clients with windows XPSP3
(XXX.EXAMPLE.COM dns domain). I have a web server
web1.YYY.EXAMPLE.COM (YYY.EXAMPLE.COM is also an AD domain in the same
forest with a cross trust kerberos auth with XXX.EXAMPLE.COM) . It
'was created on the KDC of XXX.EXAMPLE.COM the
HTTP/web1.YYY.EXAMPLE.COM @ XXX.EXAMPLE.COM server principal and it
was correctly configured the web server for doing SPNEGO HTTP
authentication. Now this works transparently from the clients with IE
and not firefox. I have successfully configured firefox in about:
config but although the web server requires the authentication type
Negotiate firefox does nothing. The question is, but this
configuration is supposed to work by Kerberos, I thought not, but I
can not explain why it to work in IE if this is true. I have searched
but no avail.
Thanks in advance for your help
More information about the Kerberos
mailing list