Diego Lima wrote:
> First of all, I'd like to thank you all for helping me out. I finally found
> what was causing the problems. I took a look at krb5kdc.log and I found this:
>
> Dec 07 15:57:00 estagiario6 krb5kdc[22882](info): TGS_REQ (1 etypes {1})
> 192.168.130.223: PROCESS_TGS: authtime 0,
First of all, I'd like to thank you all for helping me out. I finally found
what was causing the problems. I took a look at krb5kdc.log and I found this:
Dec 07 15:57:00 estagiario6 krb5kdc[22882](info): TGS_REQ (1 etypes {1})
192.168.130.223: PROCESS_TGS: authtime 0, for
HTTP/[EMAIL PROTECTED],
On Thu, 7 Dec 2006 13:42:52 -0300
"Diego Lima" <[EMAIL PROTECTED]> wrote:
> Here is what I've done on my windows clients:
> 1 - Install Kerberos for Windows 3.1 (also tested with 3.0 with no results)
> from http://web.mit.edu/Kerberos/dist/kfw/3.1/kfw-3.1/kfw-3-1-0.exe
Just curious but why do you
Diego,
There must be something wrong in my setup (obviously), but I'm sure it isn't
on the server side, since Linux clients are able to authenticate properly.
I've come to the conclusion that firefox is using NTLM by sniffing network
packets (I can send them if anyone is interested, but I don't th
I have set up a DNS server today and I still cannot use my kerberos tickets
from windows Firefox, although I can get my server to recognize and work
properly with Firefox and Konqueror running on Linux. I've taken the following
steps so far:
1. Set up my kerberos server
2. Set up my apache server
On Wed, 6 Dec 2006 13:33:20 -0300
"Diego Lima" <[EMAIL PROTECTED]> wrote:
> On Wed, 6 Dec 2006 16:22:27 -, Tim Alsop wrote
> > What URL are you using when you request access to the web site ?
>
> I can reach the website through its IP address or its DNS name (estagiario6).
> So I can access
On Wed, 6 Dec 2006 18:49:53 +0100, Achim Grolms wrote
> > network.auth.use-sspi true
>
> if true this means Firefox uses the Win32-API (called SSPI).
> Set this to false to use a 3rd party GSSAPI.
Whenever I set this to false my browser stops trying to negotiate (it simply
w
On Wednesday 06 December 2006 18:29, Diego Lima wrote:
> network.auth.use-sspi true
if true this means Firefox uses the Win32-API (called SSPI).
Set this to false to use a 3rd party GSSAPI.
(automatically switches network.negotiate-auth.using-native-gsslib
to 'true', this wo
> Firefox can be configured to use Windows builtin "GSSAPI"
> (the correct name is "SSPI") or a third party GSSAPI implementation
> like KfW. use about:config
> dialog to choose the implementation you want to use.
I've been trying to do that for a while now. Here are my about:config settings
relat
On Wednesday 06 December 2006 17:33, Diego Lima wrote:
> [Mon Nov 06 14:16:11 2006] [error] [client 192.168.130.224]
> gss_accept_sec_context() failed: A token was invalid (Token header is
> malformed or corrupt)
Client sends NTLM instead of Kerberos5.
> I have also taken a look and noticed that
On Wednesday 06 December 2006 15:15, Diego Lima wrote:
> On Tue, 5 Dec 2006 19:41:23 -, Tim Alsop wrote
>
> > It is not possible to configure IE to use anything other than LSA
> > for getting credentials, however Firefox can be configured to use a
> > GSS-API library
> Am I missing something?
On Wed, 6 Dec 2006 16:22:27 -, Tim Alsop wrote
> What URL are you using when you request access to the web site ?
I can reach the website through its IP address or its DNS name (estagiario6).
So I can access both using http://192.168.130.222 or http://estagiario6. I
don't think it's a server
?
Thanks,
Tim
-Original Message-
From: Diego Lima [mailto:[EMAIL PROTECTED]
Sent: 06 December 2006 14:15
To: Tim Alsop; Julio Cesar Parra/Mexico/IBM; Kerberos Mail List
Subject: RE: Using kerberos ticket on web browsers
On Tue, 5 Dec 2006 19:41:23 -, Tim Alsop wrote
> It is not possi
On Tue, 5 Dec 2006 19:41:23 -, Tim Alsop wrote
> It is not possible to configure IE to use anything other than LSA
> for getting credentials, however Firefox can be configured to use a
> GSS-API library
Thank you for your tip, I was able to find some documents regarding
configuring firefox b
Google for "mit2ms"
Diego Lima wrote:
> Hello again,
>
> We don't have any windows AD server on the network (actually, we have no
> Windows servers, AD or not). Currently we get our tickets from a Debian
> server configured with a Samba+OpenLDAP+MIT Kerberos. While windows doesn't
> get a tic
configure Firefox, look in help or let me know if you get
stuck.
Thanks,
Tim
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diego Lima
Sent: 05 December 2006 19:32
To: Julio Cesar Parra/Mexico/IBM; Kerberos Mail List
Subject: Re: Using kerberos ticket on web
Hello again,
We don't have any windows AD server on the network (actually, we have no
Windows servers, AD or not). Currently we get our tickets from a Debian
server configured with a Samba+OpenLDAP+MIT Kerberos. While windows doesn't
get a ticket at logon, we use a combination of MIT for Window
Hi, maybe these steps can help you with your problem.
If you are logging into a win AD server that is not on the same domain as
the webserver, you must do the following on the client PC's browser to
trust that site (so it sends kerb ticket)
1. In Internet Explorer, click Tools, and then click Int