On Fri, Nov 15, 2013 at 01:57:23PM -0500, Eric Radman wrote: > Is there any special configuration for enabling Kerberos authentication > in Firefox? Normally one would simply set the Kerberos whitelist for > using "about:config": > > network.negotiate-auth.trusted-uris = "my.domain," > > My impression is that the implementation in Firefox is broken. Here is > what I tried: > > 1. Enable firefox debug > > $ export NSPR_LOG_MODULES=negotiateauth:5 > $ export NSPR_LOG_FILE=/tmp/moz.log > $ ktrace firefox > > 2. Log shows that gssapi failed to load > > $ cat /tmp/moz.log > 750271712[89789780]: service = inout.deshaw.com > 750271712[89789780]: using negotiate-gss > 750271712[89789780]: entering nsAuthGSSAPI::nsAuthGSSAPI() > 750271712[89789780]: Fail to load gssapi library > 750271712[89789780]: entering nsAuthGSSAPI::Init()
http://marc.info/?l=openbsd-ports&m=137189077332408&w=2 https://bugzilla.mozilla.org/show_bug.cgi?id=648730 https://bugzilla.mozilla.org/show_bug.cgi?id=853364 has all the details. At that time, i found noone needing that feature, and willing to help debug it, so it got broken to fix other issues. Trying to dlopen krb5 and crypto at runtime "might" fix it. Patch welcome. Landry
