Also can you do a kinit -k -t keytab HTTP/server successfully ? Markus
"Julien ALLANOS" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Quoting Jeffrey Altman <[EMAIL PROTECTED]>: > >> Julien ALLANOS wrote: >> >>> Quoting Jeffrey Altman <[EMAIL PROTECTED]>: >>> >>>> Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos >>>> support. If you want them to have Kerberos credentials, Windows must >>>> obtain them for you when you login to Windows using an Active Directory >>>> account. >>>> >>>> Jeffrey Altman >>> >>> >>> OK, but how can I be certain that Windows did really obtain the Kerberos >>> credentials at login, that FF or IE might be able to use after? >> >> Since you have MIT KFW installed you can list the contents of the >> MSLSA ccache with >> >> klist -c MSLSA: >> >> Otherwise, you can install one of the Microsoft tools such as >> kerbtray.exe that are available from the Microsoft download web site. >> > > Thanks. > > Both klist -c MSLSA: and kerbtray tell me that the following tickets are > given > to me at login (verified by purging, logout and login again): > > * krbtgt/[EMAIL PROTECTED] > * ldap/host.my.domain.tld/[EMAIL PROTECTED] > * host/[EMAIL PROTECTED] > > However, IE or FF are still sending NTLM tickets. Any clue? > -- > Julien ALLANOS > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
