single sign on problem on macOS Sierra (Version10.12.3), client (Giuseppe Mazza)
Giuseppe Mazza
g.mazza at imperial.ac.uk
Mon Mar 27 10:01:51 EDT 2017
Dear Hugh,
Thank you for your reply.
On 24/03/17 16:01, kerberos-request at mit.edu wrote:
> Today's Topics:
>
> 1. Re: Kerberos Digest, Vol 171, Issue 14 (Hugh Cole-Baker)
>>
>> I have tried to implement single-sign-on on a my macbook.
>>
>> - has anybody manage to configure supported browsers for Kerberos sso
>> and apache on macOS clients?
>>
>
> Yes, if you're using Firefox you should read
> https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication
> and set the preferences mentioned on that page to whitelist the URLs
> you want to use HTTP Negotiate auth with. Firefox will not try Negotiate by
> default.
Yes, it works.
I had already tried that. It seems to me that my problem was the enctype
of my ticket granting ticket principal key was DES.
I upgraded it from DES to AES256 on my kerberos master (yes, I know:
something I had to do anyway).
Then I followed the steps in the documentation you point me to, i.e.
https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication
and Firefox on my macbook is much happier now.
Thank you again,
Giuseppe
More information about the Kerberos
mailing list