On Tue, 5 Dec 2006 19:41:23 -0000, Tim Alsop wrote > It is not possible to configure IE to use anything other than LSA > for getting credentials, however Firefox can be configure to use a > GSS-API library
Thank you for your tip, I was able to find some documents regarding configuring firefox by searching "firefox gss-api" on google. I've set the following options on about:config : network.negotiate-auth.gsslib C:\Arquivos de programas\MIT\Kerberos\lib\i386\gssapi32.lib network.negotiate-auth.trusted-uris http://, https:// network.negotiate-auth.using-native-gsslib false I've got a valid ticket on krb5cc but I'm still getting permission denied on the protected webpage, although I can access it from a linux machine using the same principal. I've sniffed the packets and I see that firefox is answering the negotiate request with a "NTLMSSP_NEGOTIATE" request, whereas on linux I don't see the NTLMSSP part. Here is the answer firefox gives: [EMAIL PROTECTED])[EMAIL PROTECTED] /apache2-default/protegido HTTP/1.1 Host: 192.168.130.222 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1) Gecko/20061010 Firefox/2.0 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cache-Control: max-age=0, max-age=0 Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== NTLMSSP( I have already tried to restart firefox but I'm still getting this error. I have tried to acquire other tickets, but I get the same error, even with the same negotiate identification (if that's indeed some kind of id). Am I missing something? Do I have to configure MIT's gss api with anything other than krb5.ini on my windows directory? -- Diego Alencar Alves de Lima DINF - Prodesan (http://www.prodesan.com.br) Prefeitura Municipal de Santos (http://www.santos.sp.gov.br) -- Esta mensagem foi verificada pelo sistema de antivĂrus e acredita-se estar livre de perigo. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
