[37312] in Kerberos
Re: SPNEGO question
daemon@ATHENA.MIT.EDU (Todd Grayson)
Mon Nov 9 17:27:33 2015
In-Reply-To: <56411911.8090601@gmail.com>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Mon, 9 Nov 2015 15:26:52 -0700
Message-ID: <CALNT6MVhAFpjjCZDz7MttugE=wKrUfi_L0p1=7oYZ8FF3Tusfg@mail.gmail.com>
To: Pascal Jakobi <pascal.jakobi@gmail.com>
Cc: kerberos@mit.edu
No, the path failing is something application side within your setup.
The configuration of the FQDN (really just the domain and tld) is all you
need, that is host.domain.tld; adding the path should not break things in
the browser configs. For example, in environments where many hosts use
Negotiated auth (SPNEGO), the domain.tld should be a viable configuration
setting too.
There are a number of reference documentation sets from commercial vendors
on enabling SPNEGO, including ours:
http://www.cloudera.com/content/www/en-us/documentation/enterprise/latest/topics/cdh_sg_browser_access_kerberos_protected_url.html
Weblogic:
http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html
IBM:
http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_SPNEGO_explain.html
These can help in building your understanding of it, setting it up, and
troubleshooting things.
On Mon, Nov 9, 2015 at 3:07 PM, Pascal Jakobi <pascal.jakobi@gmail.com>
wrote:
>
>
> I am still testing kerberos pretty thoroughly. Now I am at SPNEGO.
>
> I was able to have it to work (with firefox) when calling simple URI
> such as http://host.domain.tld but not when calling
> http://host.domain.tld/test_dir.
> I did change the negotiate URI field in firefox configuration, but did
> not touch the service keytab (HTTP/<host>). My guess is that the problem
> is there...
>
> Does this mean that in reality SPNEGO is limited to virtual hosts?
>
> If someone could clarify, this would be more than useful...
>
> Thanks in advance
> --
> Pascal Jakobi <mailto:pascal.jakobi@gmail.com>
> 116 rue de Stalingrad
> 93100 Montreuil, France
> Tel : +33 6 87 47 58 19
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Todd Grayson
Customer Operations Engineering, Security SME
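
Added example, not part of the original thread: a small Python sketch of why the URL path plays no role in the HTTP/<host> service principal, plus a host-or-domain allow-list check of the kind the reply describes. The function names are hypothetical and the matching is a simplified model (ports and paths in entries are ignored), not Firefox's own implementation.

```python
from urllib.parse import urlsplit

def spn_for_url(url, realm=None):
    """Service principal requested for a URL: HTTP/<host>[@REALM]."""
    host = urlsplit(url).hostname  # lower-cased; the path is never consulted
    if not host:
        raise ValueError(f"no host in {url!r}")
    spn = f"HTTP/{host}"
    return f"{spn}@{realm}" if realm else spn

def host_allowed(url, allow_list):
    """Check a URL against a comma-separated list of hosts or domains.

    Entries may be 'host.domain.tld', 'domain.tld' or 'scheme://host'.
    Domain entries match only on a label boundary, so 'domain.tld'
    covers 'host.domain.tld' but not 'evildomain.tld'.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    for entry in (e.strip().lower() for e in allow_list.split(",")):
        scheme, sep, rest = entry.partition("://")
        if sep:
            if scheme != parts.scheme:
                continue  # entry is pinned to another scheme
            entry = rest
        # Simplification: drop any path and leading dot from the entry.
        entry = entry.split("/", 1)[0].lstrip(".")
        if not entry:
            continue
        if host == entry or host.endswith("." + entry):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample URLs taken from the question in the thread.
    for u in ("http://host.domain.tld", "http://host.domain.tld/test_dir"):
        print(u, "->", spn_for_url(u), host_allowed(u, "domain.tld"))
```

Both URLs from the question resolve to the same principal, so a keytab for HTTP/<host> serves every path on that host.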