I am trying to get single sign on working from Firefox version 3.6.6 running on Ubuntu 10.04 LTS Lucid Lynx to IIS 7 on Windows Server 2008.

If I type
kinit
then
kinit -S HTTP/mydomain.com
resulting in a klist that looks like this


Ticket cache: FILE:/tmp/krb5cc_2040529396
Default principal: [email protected]

Valid starting Expires Service principal
07/24/10 18:20:26 07/25/10 04:20:29 HTTP/[email protected]
renew until 07/25/10 18:20:26


And single sign on to a website on mydomain.com works perfectly. Yippee!

But if I type
kinit
then
kvno HTTP/mydomain.com
resulting in a klist that looks like this


Ticket cache: FILE:/tmp/krb5cc_2040529396
Default principal: [email protected]

Valid starting Expires Service principal
07/24/10 18:23:42 07/25/10 04:23:47 krbtgt/[email protected]
renew until 07/25/10 18:23:42
07/24/10 18:24:10 07/25/10 04:23:47 HTTP/[email protected]
renew until 07/25/10 18:23:42


then navigating to a website on mydomain.com prompts for username and password :-(

It looks to me as if Firefox is just taking the first ticket from the cache that matches the domain name
(i.e. the krbtgt ticket) rather than the correct HTTP ticket. Could that really be the problem???

I would LOVE some help. Does anyone recognise this problem? Does anyone have an idea as to how I can go about further diagnosing the problem? Thanks

A: 

I had foolishly added a Firefox configuration (about:config) entry to network.negotiate-auth.delegation.uris. Returning this value to the blank default got everything working smoothly.

Greg Grundy
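To check a profile for the setting described in the answer, the following is an added example (not code from the original post) that scans the text of a Firefox prefs.js for network.negotiate-auth.* entries and reports any non-empty delegation list. It assumes preferences are stored as user_pref("name", value); lines, accepts both the spelling used in the answer and the hyphenated delegation-uris form, and uses constructed sample data.

```python
import re
import sys

# Matches lines such as: user_pref("network.negotiate-auth.trusted-uris", "mydomain.com");
PREF_RE = re.compile(r'^\s*user_pref\("(network\.negotiate-auth\.[^"]+)",\s*(.*?)\);\s*$')
DELEGATION_RE = re.compile(r'delegation[-.]uris$')


def negotiate_prefs(prefs_text):
    """Return {pref_name: value} for every network.negotiate-auth.* entry."""
    found = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group(2).strip()
        # String values are quoted; booleans and integers are bare.
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        found[m.group(1)] = raw
    return found


def delegation_findings(prefs_text):
    """List (name, value) pairs where a delegation URI list is non-empty."""
    return [(name, value) for name, value in negotiate_prefs(prefs_text).items()
            if DELEGATION_RE.search(name) and value.strip()]


# Constructed sample: profile with a delegation entry added by hand.
SAMPLE_BEFORE = '''user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", "mydomain.com");
user_pref("network.negotiate-auth.delegation-uris", "mydomain.com");
'''

# Constructed sample: same profile after the entry was reset to its blank default
# (a reset preference is no longer written to prefs.js).
SAMPLE_AFTER = '''user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", "mydomain.com");
'''

if __name__ == "__main__":
    # Usage: python check_prefs.py /path/to/profile/prefs.js (path is supplied by the user)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_BEFORE
    for name, value in delegation_findings(text):
        print(f"delegation enabled: {name} = {value!r}")
```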