Re: kerberos / spnego

2012-10-11 Thread miten mehta
Hi Benjamin, I have done the setup as you say below and I have posted my results to group too. Regards, Miten. From: Benjamin Kaduk To: miten mehta Cc: "kerberos@mit.edu" Sent: Thursday, October 11, 2012 9:17 PM Subject: Re: kerberos / spneg

Re: kerberos / spnego

2012-10-11 Thread Benjamin Kaduk
On Wed, 10 Oct 2012, miten mehta wrote: > Hi, > > I am using MIT kerberos both on debian and windows downloaded from > http://www.kerberos.org/software/index.html. If you are using MIT Kerberos and want to do SPNEGO from Firefox on windows, you must set network.auth.use-sspi to false, *and* set

Re: kerberos / spnego

2012-10-11 Thread miten mehta
9 DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed From: miten mehta To: Benjamin Kaduk Cc: "kerberos@mit.edu" Sent: Thursday, October 11, 2012 10:23 AM Subject: Re: kerberos / s

Re: kerberos / spnego

2012-10-10 Thread miten mehta
ubject: Re: kerberos / spnego On Wed, 10 Oct 2012, miten mehta wrote: > Hi Benjamin, > > I configured firefox for no sspi and also added domain primesystems.com I do not remember seeing you specify what kerberos implementation you are using.  SSPI should only be disabled in some situation

Re: kerberos / spnego

2012-10-10 Thread Benjamin Kaduk
On Wed, 10 Oct 2012, miten mehta wrote: > Hi Benjamin, > > I configured firefox for no sspi and also added domain primesystems.com I do not remember seeing you specify what kerberos implementation you are using. SSPI should only be disabled in some situations, and I don't know which situation

Re: kerberos / spnego

2012-10-10 Thread miten mehta
, Miten. From: Benjamin Kaduk To: miten mehta Cc: "kerberos@mit.edu" Sent: Wednesday, October 10, 2012 2:51 AM Subject: Re: kerberos / spnego On Mon, 8 Oct 2012, miten mehta wrote: > Hi Booker, > > I am using Internet Explorer 9 and assume it s

Re: kerberos / spnego

2012-10-10 Thread miten mehta
SException: Defective token detected (Mechanism level: GSSHeader did not find the right tag) Regards, Miten. From: Benjamin Kaduk To: miten mehta Cc: "kerberos@mit.edu" Sent: Wednesday, October 10, 2012 2:51 AM Subject: Re: kerberos / spnego On Mo

Re: kerberos / spnego

2012-10-09 Thread Benjamin Kaduk
On Mon, 8 Oct 2012, miten mehta wrote: Hi Booker, I am using Internet Explorer 9 and assume it should be configured already for spnego.  The webapp as such has to do some auth prompting so I guess it starts out doing jaas based basic auth.  I am just following pretty much the article at sprin

Re: kerberos / spnego

2012-10-09 Thread Elia Pinto
> Sent: Monday, October 8, 2012 8:52 PM > Subject: Re: kerberos / spnego > > > Hi, > > As per the log, it seems that browser is sending NTLM token not kerberos > token. You may want to check kdc, user and server url etc. > > Anurag > > > > ___________

Re: kerberos / spnego

2012-10-09 Thread miten mehta
ubject: Re: kerberos / spnego Hi Booker, I am using Internet Explorer 9 and assume it should be configured already for spnego.  The webapp as such has to do some auth prompting so I guess it starts out doing jaas based basic auth.  I am just following pretty much the article at spring security and the

Re: kerberos / spnego

2012-10-08 Thread miten mehta
Hi, I am using jdk 1.7 on win 7 and jdk 1.6 on debian. Regards, Miten. From: Booker Bense To: miten mehta Cc: "kerberos@mit.edu" Sent: Monday, October 8, 2012 7:44 PM Subject: Re: kerberos / spnego On Mon, Oct 8, 2012 at 5:21 AM, miten me

Re: kerberos / spnego

2012-10-08 Thread miten mehta
. From: Booker Bense To: miten mehta Cc: "kerberos@mit.edu" Sent: Monday, October 8, 2012 7:44 PM Subject: Re: kerberos / spnego On Mon, Oct 8, 2012 at 5:21 AM, miten mehta wrote: > Hi, > > I have attempted kerberos for SSO for web app using

Re: kerberos / spnego

2012-10-08 Thread miten mehta
Shrivastava To: miten mehta Sent: Monday, October 8, 2012 8:52 PM Subject: Re: kerberos / spnego Hi, As per the log, it seems that browser is sending NTLM token not kerberos token. You may want to check kdc, user and server url etc. Anurag From: miten

Re: kerberos / spnego

2012-10-08 Thread Booker Bense
On Mon, Oct 8, 2012 at 5:21 AM, miten mehta wrote: > Hi, > > I have attempted kerberos for SSO for web app using spring-security and have > doubts. would appreciate if one can take look at my post here and advise. > > http://forum.springsource.org/showthread.php?130775-spring-security-spnego-ker

kerberos / spnego

2012-10-08 Thread miten mehta
Hi, I have attempted kerberos for SSO for web app using spring-security and have doubts.  would appreciate if one can take look at my post here and advise. http://forum.springsource.org/showthread.php?130775-spring-security-spnego-kerberos-sso&p=426585#post426585 Regards, Miten. __

Re: kerberos/spnego sso closer

2006-09-07 Thread John User
Michael, Not really sure myself. Did talk to a bea rep and was given the same response, with the following additional info: when running ktpass on winn3k3 server and not setting the encryption type, the default is: des-cbc-crc. He could not answer why it made a difference though. But FYI re your

Re: kerberos/spnego sso

2006-09-06 Thread Danny Mayer
John User wrote: > I am having no luck setting up kerberos/spnego sso: > The players: > > win2k3 AD box > win xp client running IE 6 and latest firefox > Weblogic 8.1 on a redhat box. > Client trying to access resource on WLS: > > tcpdump shows WLS sending "WW

Re: kerberos/spnego sso closer

2006-09-06 Thread Michael B Allen
On Tue, 5 Sep 2006 22:30:33 -0700 (PDT) John User <[EMAIL PROTECTED]> wrote: > > Maybe a step closer: > when running ktpass used crypto type des-crc-md5 > There is now a session ticket available to both IE and > firefox. I don't really understand this since IE nor FF have knowledge of the enctyp

Re: kerberos/spnego sso closer

2006-09-05 Thread John User
Maybe a step closer: when running ktpass used crypto type des-crc-md5 There is now a session ticket available to both IE and firefox. (Now the issue is to undo all the changes that were attempted in tracing this issue) --- Michael B Allen <[EMAIL PROTECTED]> wrote: > On Tue, 5 Sep 2006 16:38:24

Re: kerberos/spnego sso

2006-09-05 Thread Michael B Allen
On Tue, 05 Sep 2006 21:37:03 -0400 Evan Vittitow <[EMAIL PROTECTED]> wrote: > The capabilities of FireFox and IE are different. IE has to use NTLM. > (with Apache's mod_auth_ntlm FireFox uses mod_auth_kerb with spnego. IE and Firefox each support both NTLM and Kerberos. -- Michael B Allen PHP A

Re: kerberos/spnego sso

2006-09-05 Thread Michael B Allen
On Tue, 5 Sep 2006 16:38:24 -0700 (PDT) John User <[EMAIL PROTECTED]> wrote: > > > Neither IE nor firefox make any attempt to get a > > > session ticket, - though they do send something > > > encrypted back in response. > > > > The client probably already had the ticket so no > > comm. with KDC w

Re: kerberos/spnego sso

2006-09-05 Thread Evan Vittitow
This is the exact thing I'm dealing with with Kerberos and Egroupware. The capabilities of FireFox and IE are different. IE has to use NTLM. (with Apache's mod_auth_ntlm FireFox uses mod_auth_kerb with spnego. To get that working, the site you are connecting to has to be a "Trusted URI" in the neg

Re: kerberos/spnego sso

2006-09-05 Thread John User
the MS cache. > If > >> not you should see the > >> client sending a TGS_REQ to the kdc on port 88. > >> > >> Regards > >> Markus > >> > >> "John User" <[EMAIL PROTECTED]> wrote in > message > >>

Re: kerberos/spnego sso

2006-09-05 Thread Markus Moeller
gotiate-auth.delegation-uris). >> Check also with kerbtray if >> you have a TGS for HTTP/hostname in the MS cache. If >> not you should see the >> client sending a TGS_REQ to the kdc on port 88. >> >> Regards >> Markus >> >> "John User"

Re: kerberos/spnego sso

2006-09-05 Thread John User
Works Animation > <mailto:[EMAIL PROTECTED]> > > On Tue, 5 Sep 2006, John User wrote: > > > > > > > --- Michael B Allen <[EMAIL PROTECTED]> wrote: > > > >> On Mon, 4 Sep 2006 13:31:58 -0700 (PDT) > >> John User <[EMAIL PROTECTED]> wrote:

Re: kerberos/spnego sso

2006-09-05 Thread John User
ED]> wrote in message > > news:[EMAIL PROTECTED] > >I am having no luck setting up kerberos/spnego sso: > > The players: > > > > win2k3 AD box > > win xp client running IE 6 and latest firefox > > Weblogic 8.1 on a redhat box. > > Client trying

Re: kerberos/spnego sso

2006-09-05 Thread Thomas A. La Porte
ation <mailto:[EMAIL PROTECTED]> On Tue, 5 Sep 2006, John User wrote: > > > --- Michael B Allen <[EMAIL PROTECTED]> wrote: > >> On Mon, 4 Sep 2006 13:31:58 -0700 (PDT) >> John User <[EMAIL PROTECTED]> wrote: >> >>> I am having no luck sett

Re: kerberos/spnego sso

2006-09-05 Thread John User
--- Michael B Allen <[EMAIL PROTECTED]> wrote: > On Mon, 4 Sep 2006 13:31:58 -0700 (PDT) > John User <[EMAIL PROTECTED]> wrote: > > > I am having no luck setting up kerberos/spnego > sso: > > The players: > > > > win2k3 AD box > > win xp c

Re: kerberos/spnego sso

2006-09-05 Thread Markus Moeller
you have a TGS for HTTP/hostname in the MS cache. If not you should see the client sending a TGS_REQ to the kdc on port 88. Regards Markus "John User" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >I am having no luck setting up kerberos/spnego sso: > The play

Re: kerberos/spnego sso

2006-09-05 Thread Michael B Allen
On Mon, 4 Sep 2006 13:31:58 -0700 (PDT) John User <[EMAIL PROTECTED]> wrote: > I am having no luck setting up kerberos/spnego sso: > The players: > > win2k3 AD box > win xp client running IE 6 and latest firefox > Weblogic 8.1 on a redhat box. > Client tryin

kerberos/spnego sso

2006-09-05 Thread John User
I am having no luck setting up kerberos/spnego sso: The players: win2k3 AD box win xp client running IE 6 and latest firefox Weblogic 8.1 on a redhat box. Client trying to access resource on WLS: tcpdump shows WLS sending "WWW-Authenticate : Negotiate" in response to request for the