Discussion:
SPNEGO question
Pascal Jakobi
2015-11-09 21:25:26 UTC
Permalink
I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.

I was able to have it to work (with firefox) when calling simple URI
such as http://host.domain.tld but not when calling
http://host.domain.tld/test_dir.
I did change the negotiate URI field in firefox configuration, but did
not touch the service keytab (HTTP/<host>). My guess is that the problem
is there...

Does this mean that in reality SPNEGO is limited to vrtual hosts ?

If someone could clarify, this would be more than useful...

Thanks in advance
--
Pascal Jakobi <mailto:***@gmail.com>
116 rue de Stalingrad
93100 Montreuil, France
Tel : +33 6 87 47 58 19
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
Greg Hudson
2015-11-09 22:02:10 UTC
Permalink
Post by Pascal Jakobi
I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.
These questions would be better suited for ***@mit.edu; the krbdev
list is for development of MIT krb5.
Post by Pascal Jakobi
I was able to have it to work (with firefox) when calling simple URI
such as http://host.domain.tld but not when calling
http://host.domain.tld/test_dir.
I did change the negotiate URI field in firefox configuration, but did
not touch the service keytab (HTTP/<host>). My guess is that the problem
is there...
Does this mean that in reality SPNEGO is limited to vrtual hosts ?
No, SPNEGO is not limited to virtual hosts. Your problem is almost
certainly outside the scope of the GSS-API implementation (i.e. either
within Firefox or within the web server); unfortunately I don't know
what it might be.
_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

Loading...