[37918] in Kerberos
single sign on problem on macOS Sierra (Version10.12.3), client
daemon@ATHENA.MIT.EDU (Giuseppe Mazza)
Mon Mar 27 10:02:07 2017
To: kerberos@mit.edu
From: Giuseppe Mazza <g.mazza@imperial.ac.uk>
Message-ID: <98fd6b81-511a-ea6b-f5ad-94b54639c3a0@imperial.ac.uk>
Date: Mon, 27 Mar 2017 15:01:51 +0100
MIME-Version: 1.0
In-Reply-To: <mailman.649.1490371275.24231.kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Dear Hugh,
Thank you for your reply.
On 24/03/17 16:01, kerberos-request@mit.edu wrote:
> Today's Topics:
>
> 1. Re: Kerberos Digest, Vol 171, Issue 14 (Hugh Cole-Baker)
>>
>> I have tried to implement single-sign-on on a my macbook.
>>
>> - has anybody manage to configure supported browsers for Kerberos sso
>> and apache on macOS clients?
>>
>
> Yes, if you're using Firefox you should read
> https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication
> and set the preferences mentioned on that page to whitelist the URLs
> you want to use HTTP Negotiate auth with. Firefox will not try Negotiate by
> default.
Yes, it works.
I had already tried that. It seems to me that my problem was the enctype
of my ticket granting ticket principal key was DES.
I upgraded it from DES to AES256 on my kerberos master (yes, I know:
something I had to do anyway).
Then I followed the steps in the documentation you point me to, i.e.
https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication
and Firefox on my macbook is much happier now.
Thank you again,
Giuseppe
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
