> Never the less it is a change from earlier versions of Ubuntu and a
> change that makes Ubuntu + Firefox work in a different way than MS
> Windows + MSIE (negoiating different tickets), thus breaking Single
> Signon in typical Kerberos enabled environments.. our is a corporate one
> with Active Directory as Kerbereos and both MS IIS and Ubuntu Apache +
> mod_auth_kerb on the serverside.
> Used to work.. lucid breaks it..
I'm confused why you're seeing a change, since in my experience it's been
this way for quite some time. Firefox used the final hostname, whereas IE
always used the URL name. When we deployed Negotiate-Auth with
mod_auth_kerb, we had to add both principals to the server keytab. Many
other people had the same issue, as discussed on the mod_auth_kerb mailing
list, which is why mod_auth_kerb added an option to use any principal in
its keytab. This all happened back in 2007 for us.
Jesper Krogh <email address hidden> writes:
> Never the less it is a change from earlier versions of Ubuntu and a
> change that makes Ubuntu + Firefox work in a different way than MS
> Windows + MSIE (negoiating different tickets), thus breaking Single
> Signon in typical Kerberos enabled environments.. our is a corporate one
> with Active Directory as Kerbereos and both MS IIS and Ubuntu Apache +
> mod_auth_kerb on the serverside.
> Used to work.. lucid breaks it..
I'm confused why you're seeing a change, since in my experience it's been
this way for quite some time. Firefox used the final hostname, whereas IE
always used the URL name. When we deployed Negotiate-Auth with
mod_auth_kerb, we had to add both principals to the server keytab. Many
other people had the same issue, as discussed on the mod_auth_kerb mailing
list, which is why mod_auth_kerb added an option to use any principal in
its keytab. This all happened back in 2007 for us.
-- www.eyrie. org/~eagle/>
Russ Allbery (<email address hidden>) <http://