single sign on problem on macOS Sierra (Version10.12.3) client
I have tried to implement single-sign-on on a my macbook.
What I can:
- I can kinit and get a valid ticket
- I can ssh into a linux machine part of my realm without I am asked for
What I can *not*:
- browse a webpage even if I have kinit-ed successfully.
When I access my url, i.e. https://intranet.example.com I am prompted with a window asking for my username and password.
Moreover I have got no entry in /var/log/krb5kdc.log on my kerberos master.
I am sure the apache server is well configured. If I try to access the
same webpage from a linux client, it will work.
My questions are
- what is the authentication mechanism used by firefox to use Kerberos
for SSO? is it GSS-API?
I am asking because it seems to me that my macbook does not manage to
contact my kerberos server in the first place.
- has anybody manage to configure supported browsers for Kerberos sso
and apache on macOS clients?