On Monday, August 29, 2005 10:28:35 -0400 Wyllys Ingersoll <[EMAIL PROTECTED]> wrote:


By default, Firefox will only perform GSSAPI (negotiate-auth) authentication
when the protocol is 'https://'.

Check the "network.negotiate-auth.delegation-uris" and
"network.negotiate-auth.trusted-uris" parameters (under "about:config") and
make sure that you allow "http://" as well as "https://" if you are accessing
non-SSL protected sites.

network.negotiate-auth.delegation-uris = "https://,http://"
network.negotiate-auth.trusted-uris = "https://,http://"

Aaaa!  No!  Don't do this unless you _absolutely_ need this ability.

Running HTTP negotiate over a plaintext connection is _not secure_. It provides no integrity protection and is subject to a relatively easy man-in-the-middle attack.


If the problem is indeed that the connection is not using SSL, the correct solution is to change that service to use SSL.

If you absolutely must use HTTP negotiate with a service that is not using SSL and which you do not control, then turning on negotiate support for non-SSL connections may be your only choice.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
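
Added example, not part of the original messages: a small audit of a Firefox `prefs.js` / `user.js` that reports entries in the two preferences named in this thread that would let Negotiate run over plaintext HTTP. The sample profile text is constructed, and treating an entry with no scheme as matching both `http://` and `https://` is an assumption of this example.

```python
import re

# Prefs named in the thread above.
NEGOTIATE_PREFS = (
    "network.negotiate-auth.trusted-uris",
    "network.negotiate-auth.delegation-uris",
)

# Matches prefs.js / user.js lines such as: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;', re.M)


def classify(entry):
    """Return why an entry permits plaintext HTTP, or None if it does not."""
    scheme, sep, host = entry.partition("://")
    if not sep:
        # Assumption: an entry with no scheme matches http and https alike.
        return "no scheme given, so http:// is also matched"
    if scheme.lower() == "http":
        return "every http:// site" if not host else "plaintext http:// host"
    return None


def audit_negotiate_prefs(prefs_text):
    """List (pref, entry, reason) for each entry that allows Negotiate over HTTP."""
    findings = []
    for name, value in PREF_LINE.findall(prefs_text):
        if name not in NEGOTIATE_PREFS:
            continue
        for entry in (e.strip() for e in value.split(",")):
            if not entry:
                continue
            reason = classify(entry)
            if reason:
                findings.append((name, entry, reason))
    return findings


# Constructed sample: the setting suggested in the thread, plus a scoped one.
SAMPLE_PREFS = '''
user_pref("network.negotiate-auth.trusted-uris", "https://,http://");
user_pref("network.negotiate-auth.delegation-uris", "https://intranet.example.com");
user_pref("browser.startup.homepage", "http://example.com/");
'''

if __name__ == "__main__":
    for pref, entry, reason in audit_negotiate_prefs(SAMPLE_PREFS):
        print(f"{pref}: {entry!r} -> {reason}")
```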
