single sign on problem on macOS Sierra (Version10.12.3) client

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

single sign on problem on macOS Sierra (Version10.12.3) client

Giuseppe Mazza
Hello there,

I have tried to implement single-sign-on on a my macbook.

What I can:
- I can kinit and get a valid ticket
- I can ssh into a linux machine part of my realm without I am asked for
a password

What I can *not*:
- browse a webpage even if I have kinit-ed successfully.
When I access my url, i.e.
I am prompted with a window asking for my username and password.
Moreover I have got no entry in /var/log/krb5kdc.log on my kerberos master.

I am sure the apache server is well configured. If I try to access the
same webpage from a linux client, it will work.

My questions are
- what is the authentication mechanism used by firefox to use Kerberos
for SSO? is it GSS-API?
I am asking because it seems to me that my macbook does not manage to
contact my kerberos server in the first place.
- has anybody manage to configure supported browsers for Kerberos sso
and apache on macOS clients?

Kind regards,
Kerberos mailing list           [hidden email]