OK Russ,
That's why in need to launch a kinit command, before Firefox,
in order to get a local ticket cache.
Without cache, as i mentionned in my first pot, NegotiateAuth log
displays :
[...]
-1217141024[b742e1c0]: gss_init_sec_context() failed: Unspecified GSS
failure. Minor code may provide
The client should *not* have the keytab, the web server has to have
the keytab with an HTTP/fqdn.of.ser...@realm principal.
yes, on my Apache2 (with mod_aut_kerb enabled), there is a keytab
with an entry for the requested service (HTTP/fqdn...)
2) The client user has credentials in KDC. On KDC
Hi Douglas,
Have you tried Wireshark or other analyzer to see what might be going on?
Yes, a lot.
Do you have a krb5.conf file?
Yes of course, there is a krb5.conf file on client machine.
Does the web server support GSS? What is the server?
Apache/2.2.12 (Ubuntu), with mod_auth_kerb.
I
On 11 jan, 21:47, Phil Pishioneri p...@psu.edu wrote:
On 1/11/10 12:40 PM, Russ Allbery wrote:
That page doesn't discuss how to configure Firefox to find the GSS-API
library on UNIX at run-time, ...
Firefox config preference is named network.negotiate-auth.gsslib.
-Phil
Hi Phil,
On 12 jan, 09:42, Sylvain RICHET akamanou...@gmail.com wrote:
On 11 jan, 21:47, Phil Pishioneri p...@psu.edu wrote:
On 1/11/10 12:40 PM, Russ Allbery wrote:
That page doesn't discuss how to configure Firefox to find the GSS-API
library on UNIX at run-time, ...
Firefox config
On 8 jan, 22:28, Russ Allbery r...@stanford.edu wrote:
Sylvain RICHET akamanou...@gmail.com writes:
Thanks, Russ !
Your opinion concerning my logs leads me a little.
Probably it is a problem on the Kerberos client (that is: Firefox/
NegotiateAuth/GSS-API lib).
That's why the KDC does
On 7 jan, 20:25, Russ Allbery r...@stanford.edu wrote:
Sylvain RICHET akamanou...@gmail.com writes:
I really don't succeed to solve this error message ! Seems to be a GSS
API ? A communication problem between NegotiateAuth (pluggued in
Firefox) dans the underlying GSS API library
Any help would be deeply appreciated.
Thanks in advance
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
I really don't succeed to solve this error message !
Seems to be a GSS API ?
A communication problem between NegotiateAuth (pluggued in Firefox)
dans the underlying GSS API library (libgssapi-krb5-2 ?) ?
The authentication process succeeds (as configured in mod_auth_kerb)
but...
1) the
Sorry, i made a mistake :
this is not beetween KRB5_KDC_UNREACH and dns_lookup_kdc
... but beetween KRB5_REALM_CANT_RESOLVE and dns_lookup_kdc
Kerberos mailing list Kerberos@mit.edu
10 matches
Mail list logo