SPNEGO question
Greg Hudson
ghudson at mit.edu
Mon Nov 9 17:02:10 EST 2015
On 11/09/2015 04:25 PM, Pascal Jakobi wrote:
> I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.
These questions would be better suited for kerberos at mit.edu; the krbdev
list is for development of MIT krb5.
> I was able to have it to work (with firefox) when calling simple URI
> such as http://host.domain.tld but not when calling
> http://host.domain.tld/test_dir.
> I did change the negotiate URI field in firefox configuration, but did
> not touch the service keytab (HTTP/<host>). My guess is that the problem
> is there...
>
> Does this mean that in reality SPNEGO is limited to vrtual hosts ?
No, SPNEGO is not limited to virtual hosts. Your problem is almost
certainly outside the scope of the GSS-API implementation (i.e. either
within Firefox or within the web server); unfortunately I don't know
what it might be.
More information about the krbdev
mailing list