> On 7 Nov 2015, at 00:04, Benjamin Kaduk wrote:
>
[...]
> Did you investigate putting a domain_realm mapping to KDCDOMAIN in the
> alternate krb5.conf during your testing? I would expect that to allow the
> krb5_sname_to_principal behavior to be changed.
Ach, of course, yes, that does indeed
I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.
I was able to have it to work (with firefox) when calling simple URI
such as http://host.domain.tld but not when calling
http://host.domain.tld/test_dir.
I did change the negotiate URI field in firefox configuration, but did
n
No, the path failing is something application side within your setup.
The configuration of the FQDN really just the domain and tld) is all you
need, that is host.domain.tld adding the path should not break things in
the browser configs for example in environments where many hosts use
Negotiat
Hi Pascal,
> I was able to have it to work (with firefox) when calling simple URI
> such as http://host.domain.tld but not when calling
> http://host.domain.tld/test_dir.
That surprises me. I've been putting host.fqdn.names and .domain.names
into the network.negotiate-auth.trusted-uris field in
