No, the path failing is something application side within your setup. The configuration of the FQDN really just the domain and tld) is all you need, that is host.domain.tld adding the path should not break things in the browser configs.... for example in environments where many hosts use Negotiated auth (SPNEGO) the domain.tld should be a viable configuration setting too.
There are a number of reference documentation sets from commercial vendors on enabling SPNEGO, including ours http://www.cloudera.com/content/www/en-us/documentation/enterprise/latest/topics/cdh_sg_browser_access_kerberos_protected_url.html Weblogic http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html IBM http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_SPNEGO_explain.html These can help in building your understanding of it, setting it up, and troubleshooting things. On Mon, Nov 9, 2015 at 3:07 PM, Pascal Jakobi <pascal.jak...@gmail.com> wrote: > > > I am still testing kerberos pretty thoroughly. Now I am at SPNEGO. > > I was able to have it to work (with firefox) when calling simple URI > such as http://host.domain.tld but not when calling > http://host.domain.tld/test_dir. > I did change the negotiate URI field in firefox configuration, but did > not touch the service keytab (HTTP/<host>). My guess is that the problem > is there... > > Does this mean that in reality SPNEGO is limited to vrtual hosts ? > > If someone could clarify, this would be more than useful... > > Thanks in advance > -- > Pascal Jakobi <mailto:pascal.jak...@gmail.com> > 116 rue de Stalingrad > 93100 Montreuil, France > Tel : +33 6 87 47 58 19 > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- Todd Grayson Customer Operations Engineering, Security SME ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
