Probably silly question ... Have you enabled "windows integrated authentication" in IE? Is your http server in the "trusted zone"?
best regards, vadim tarassov. On Fri, 2005-08-26 at 17:23 +0200, Julien ALLANOS wrote: > Quoting Jeffrey Altman <[EMAIL PROTECTED]>: > > > Julien ALLANOS wrote: > > > >> Quoting Jeffrey Altman <[EMAIL PROTECTED]>: > >> > >>> Neither Internet Explorer nor FireFox 1.0 use KFW for their Kerberos > >>> support. If you want them to have Kerberos credentials, Windows must > >>> obtain them for you when you login to Windows using an Active Directory > >>> account. > >>> > >>> Jeffrey Altman > >> > >> > >> OK, but how can I be certain that Windows did really obtain the Kerberos > >> credentials at login, that FF or IE might be able to use after? > > > > Since you have MIT KFW installed you can list the contents of the > > MSLSA ccache with > > > > klist -c MSLSA: > > > > Otherwise, you can install one of the Microsoft tools such as > > kerbtray.exe that are available from the Microsoft download web site. > > > > Thanks. > > Both klist -c MSLSA: and kerbtray tell me that the following tickets are given > to me at login (verified by purging, logout and login again): > > * krbtgt/[EMAIL PROTECTED] > * ldap/host.my.domain.tld/[EMAIL PROTECTED] > * host/[EMAIL PROTECTED] > > However, IE or FF are still sending NTLM tickets. Any clue? -- vadim <[EMAIL PROTECTED]> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
