SPNEGO question

Todd Grayson tgrayson at cloudera.com
Mon Nov 9 17:26:52 EST 2015


No, the path failing is something application side within your setup.

The configuration of the FQDN really just the domain and tld) is all you
need, that is host.domain.tld  adding the path should not break things in
the browser configs.... for example in environments where many hosts use
Negotiated auth (SPNEGO) the domain.tld should be a viable configuration
setting too.

There are a number of reference documentation sets from commercial vendors
on enabling SPNEGO, including ours

http://www.cloudera.com/content/www/en-us/documentation/enterprise/latest/topics/cdh_sg_browser_access_kerberos_protected_url.html

Weblogic

http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html

IBM

http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_SPNEGO_explain.html

These can help in building your understanding of it, setting it up, and
troubleshooting things.


On Mon, Nov 9, 2015 at 3:07 PM, Pascal Jakobi <pascal.jakobi at gmail.com>
wrote:

>
>
> I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.
>
> I was able to have it to work (with firefox) when calling simple URI
> such as http://host.domain.tld but not when calling
> http://host.domain.tld/test_dir.
> I did change the negotiate URI field in firefox configuration, but did
> not touch the service keytab (HTTP/<host>). My guess is that the problem
> is there...
>
> Does this mean that in reality SPNEGO is limited to vrtual hosts ?
>
> If someone could clarify, this would be more than useful...
>
> Thanks in advance
> --
> Pascal Jakobi <mailto:pascal.jakobi at gmail.com>
> 116 rue de Stalingrad
> 93100 Montreuil, France
> Tel : +33 6 87 47 58 19
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



-- 
Todd Grayson
Customer Operations Engineering, Security SME


More information about the Kerberos mailing list