SPNEGO question
Todd Grayson
tgrayson at cloudera.com
Mon Nov 9 17:26:52 EST 2015
No, the path failing is something application side within your setup.
The configuration of the FQDN (really just the domain and tld) is all you
need, that is host.domain.tld; adding the path should not break things in
the browser configs. For example, in environments where many hosts use
negotiated auth (SPNEGO), the domain.tld should be a viable configuration
setting too.
There are a number of reference documentation sets from commercial vendors
on enabling SPNEGO, including ours
http://www.cloudera.com/content/www/en-us/documentation/enterprise/latest/topics/cdh_sg_browser_access_kerberos_protected_url.html
Weblogic
http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html
IBM
http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_SPNEGO_explain.html
These can help in building your understanding of it, setting it up, and
troubleshooting things.
On Mon, Nov 9, 2015 at 3:07 PM, Pascal Jakobi <pascal.jakobi at gmail.com>
wrote:
>
>
> I am still testing Kerberos pretty thoroughly. Now I am at SPNEGO.
>
> I was able to get it to work (with Firefox) when calling a simple URI
> such as http://host.domain.tld but not when calling
> http://host.domain.tld/test_dir.
> I did change the negotiate URI field in the Firefox configuration, but did
> not touch the service keytab (HTTP/<host>). My guess is that the problem
> is there...
>
> Does this mean that in reality SPNEGO is limited to virtual hosts?
>
> If someone could clarify, this would be more than useful...
>
> Thanks in advance
> --
> Pascal Jakobi <mailto:pascal.jakobi at gmail.com>
> 116 rue de Stalingrad
> 93100 Montreuil, France
> Tel : +33 6 87 47 58 19
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Todd Grayson
Customer Operations Engineering, Security SME
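
The following is an added example, not part of the original message or of any vendor's code: it models how the service principal for the HTTP/<host> keytab entry mentioned in the question is derived from a URL's host name alone, so the path plays no part in it. The realm DOMAIN.TLD, the sample keytab listing, and the helper names are assumptions; it also assumes default client behaviour (no port in the principal, no DNS canonicalisation).

```python
from urllib.parse import urlsplit

# Constructed sample: principals as `klist -k` might list them for the web
# server's keytab. Host and realm are hypothetical placeholders.
KEYTAB_PRINCIPALS = [
    "HTTP/host.domain.tld@DOMAIN.TLD",
    "host/host.domain.tld@DOMAIN.TLD",
]


def spn_for_url(url, realm):
    """Return the service principal a SPNEGO client requests for this URL.

    Only the host name is used. Scheme, port, path and query are dropped,
    and the service class is "HTTP" even for https URLs.
    """
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return f"HTTP/{host.rstrip('.')}@{realm.upper()}"


def keytab_covers(url, realm, principals=KEYTAB_PRINCIPALS):
    """True if the keytab holds the principal needed to accept this URL."""
    # Principal names are compared exactly; MIT Kerberos is case-sensitive.
    return spn_for_url(url, realm) in principals


def group_by_spn(urls, realm):
    """Map each required principal to the URLs that share it."""
    groups = {}
    for url in urls:
        groups.setdefault(spn_for_url(url, realm), []).append(url)
    return groups


if __name__ == "__main__":
    urls = [
        "http://host.domain.tld",
        "http://host.domain.tld/test_dir",
        "http://other.domain.tld/",
    ]
    for spn, members in group_by_spn(urls, "DOMAIN.TLD").items():
        status = "in keytab" if spn in KEYTAB_PRINCIPALS else "MISSING"
        print(f"{spn} [{status}]: {members}")
```

Both URLs from the question map to the same principal, so a keytab that works for one already covers the other.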