[Freeipa-devel] freeipa and samba
Simo Sorce
ssorce at redhat.com
Fri Feb 15 13:55:51 UTC 2008
On Fri, 2008-02-15 at 14:13 +0100, Thomas Sailer wrote:
> No significant difference IMO, except that the krb5 credentials cache
> file just isn't there when the script is called from firefox!
>
> Even strace'ing klist does not show any significant difference, except
> that in the firefox case klist cannot open the krb5 cc file listed in
> the environment.
This was exactly the point of the test.
Now we know that something wrong is going on with Firefox and kerberos
auth as not credential cache is generated.
As to the why, now we need to investigate further.
If you kdestroy your credentials on the client, then kinit and use only
FireFox, and then do a klist on the client, do you see a ticket for the
HTTP service?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list