[Freeipa-users] Annoying issue with Firefox and kerberos ticket

Adam Young ayoung at redhat.com
Thu Nov 24 03:59:23 UTC 2011


So let me get this straight:  A system that works fine one day does not work the next.

You have a Kerberos ticket, it expires. The webUI doesn't work. You then do a kinit and reload the browser, and it does not work. Then you go through the initialization steps, including configuring the browser, and then the webUI does work?


I can't see how that is possible. All that the browser config does is set a couple of values in the properties that allow the browser to forward the Kerberos TGT to the FreeIPA site. Are those values somehow getting unset? There is something else going on.


The next time, before you re-init the TGT or anything, go through the steps here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sso-config-firefox.html

and check the values for network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris 





----- Original Message -----
From: "Steven Jones" <Steven.Jones at vuw.ac.nz>
Cc: freeipa-users at redhat.com
Sent: Wednesday, November 23, 2011 8:06:40 PM
Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket

Hi,

I am still having this issue....a restart doesn't fix it.....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Tuesday, 22 November 2011 12:11 p.m.
To: Rob Crittenden
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket

I followed the prompt that comes up in Firefox...

I have 3.6.24-3.el6 64bit....

No, I didn't restart FF, it didn't say I needed to.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Tuesday, 22 November 2011 11:10 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket

Steven Jones wrote:
> Hi,
>
> I got Firefox on the IPA server (RHEL6.2beta 64bit) working yesterday, today the Kerberos ticket had expired, so re-run kinit admin and hit re-try but I still have to re-configure Firefox.....this seems odd....is this a known bug or am I doing something wrong?

How did you reconfigure it? The button again? Did you look to see if it
was already configured? Did you try a restart of FF?

Firefox in the past, 3.x-era, tended to be a bit flaky with tickets,
especially renewing them. I can't recall any problems since 3.6.

rob


_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
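
Added example, not part of the original thread: a small Python check for the two preferences named in the top message, reading the text of a Firefox profile's prefs.js and reporting whether each preference is set and covers the IPA host. The host names and sample prefs.js content are constructed, and the host matching is a simplified approximation of how Firefox evaluates these lists.

```python
import re

# The two preferences named in the message above.
PREFS = ("network.negotiate-auth.trusted-uris",
         "network.negotiate-auth.delegation-uris")

# prefs.js stores each user-set string value as: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"([^"]*)"\);')


def read_negotiate_prefs(prefs_js_text):
    """Return {pref name: [entries]}; a pref that is unset maps to []."""
    found = {name: [] for name in PREFS}
    for line in prefs_js_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) in found:
            entries = [e.strip() for e in m.group(2).split(",")]
            found[m.group(1)] = [e for e in entries if e]
    return found


def entry_covers(entry, host):
    """Simplified match (assumption): drop scheme, port and path, then
    accept an exact host or a suffix on a domain boundary."""
    pattern = entry.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0].lower()
    host = host.lower()
    if not pattern:
        return False
    if pattern == host:
        return True
    suffix = pattern if pattern.startswith(".") else "." + pattern
    return host.endswith(suffix)


def check_host(prefs_js_text, host):
    """Return {pref name: True if some entry covers host}."""
    prefs = read_negotiate_prefs(prefs_js_text)
    return {name: any(entry_covers(e, host) for e in entries)
            for name, entries in prefs.items()}


# Constructed sample: trusted-uris is set, delegation-uris has gone missing.
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", ".example.com");
'''

if __name__ == "__main__":
    for name, ok in check_host(SAMPLE_PREFS_JS, "ipa.example.com").items():
        print(f"{name}: {'covers host' if ok else 'UNSET or does not cover host'}")
```

Run it against the profile's prefs.js (under ~/.mozilla/firefox/ on Linux) before and after the failure to see whether either value actually changed.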
