SPNEGO question

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SPNEGO question

Pascal Jakobi
I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.

I was able to have it to work (with firefox) when calling simple URI
such as http://host.domain.tld but not when calling
http://host.domain.tld/test_dir.
I did change the negotiate URI field in firefox configuration, but did
not touch the service keytab (HTTP/<host>). My guess is that the problem
is there...

Does this mean that in reality SPNEGO is limited to vrtual hosts ?

If someone could clarify, this would be more than useful...

Thanks in advance
--
Pascal Jakobi <mailto:[hidden email]>
116 rue de Stalingrad
93100 Montreuil, France
Tel : +33 6 87 47 58 19
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: SPNEGO question

Greg Hudson
On 11/09/2015 04:25 PM, Pascal Jakobi wrote:
> I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.

These questions would be better suited for [hidden email]; the krbdev
list is for development of MIT krb5.

> I was able to have it to work (with firefox) when calling simple URI
> such as http://host.domain.tld but not when calling
> http://host.domain.tld/test_dir.
> I did change the negotiate URI field in firefox configuration, but did
> not touch the service keytab (HTTP/<host>). My guess is that the problem
> is there...
>
> Does this mean that in reality SPNEGO is limited to vrtual hosts ?

No, SPNEGO is not limited to virtual hosts.  Your problem is almost
certainly outside the scope of the GSS-API implementation (i.e. either
within Firefox or within the web server); unfortunately I don't know
what it might be.
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev