RE: Kerberos HTTP authentication with mozilla 1.7b

Fri, 16 Apr 2004 07:14:11 -0700 

Negotiate is not (yet) supported in Windows.  Also unless you tweak some
prefs, it's not supported under a non-ssl site either.  To configure it on
supported UNIX platforms, see the following comment
http://bugzilla.mozilla.org/show_bug.cgi?id=17578#c240

Negotiate for Windows
http://bugzilla.mozilla.org/show_bug.cgi?id=237586

-Christopher

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, April 16, 2004 7:56 AM
To: [EMAIL PROTECTED]
Subject: Kerberos HTTP authentication with mozilla 1.7b


Hi.

I downloaded/installed the win/x86 version of Mozilla 1.7b.  I then
try to request a page on a sever using Kerberos authentication
(WWW-Authenticate: Negotiate).

Using ethereal I was able to see that Apache response is fine (see
response below):
HTTP/1.1 401 Authorization Required
Date: Fri, 16 Apr 2004 13:17:39 GMT
Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7d
mod_auth_kerb/5.0-rc4
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="Kerberos Login"

Then I have a window popping up in Mozilla requiring
username/password. Then I can see that this info is then send with the
request as Basic AUthentication (see request below).
GET / HTTP/1.1
Host: idc066.xxx.xxx.org:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7b)
Gecko/20040316
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: Basic dGVzdEB0ZXN0LmNvbTphc2Q=

Any idea why this is notn working. Mozillla should not try basic
authentication is it was specified negociate in the Apache response.

I maybe missing something (I am not a kerberos expert!). Or maybe
there are some settings/preference to change in Mozilla (I looked and
found nothing that looks like that)...

Any help would be appreciated!

Christian
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security

_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security

Reply via email to