So let me get this straight: A system that works fine one day does not work the next.
You have a Kerberos TIcket, it expires. The webUI doesn't work. You then do a kinit and reload the browser, and it does not work. THen you go through the initialization steps, including configuring the browser, and then the webUI does work? I can't see how that is possible. All that the browser config does is sets a couple of values in the properties that allows the browser forward the Kerberos TGT to the FreeIPA site. Are those values are somehow getting unset? There is something else going on. THe next time, before you re-init the tgt or anything, go through the steps here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sso-config-firefox.html and check the values for network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris ----- Original Message ----- From: "Steven Jones" <[email protected]> Cc: [email protected] Sent: Wednesday, November 23, 2011 8:06:40 PM Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket Hi, I am still having this issue....a restart doesnt fix it..... regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: [email protected] [[email protected]] on behalf of Steven Jones [[email protected]] Sent: Tuesday, 22 November 2011 12:11 p.m. To: Rob Crittenden Cc: [email protected] Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket I followed the prompt that comes up in Firefox... I have 3.6.24-3.el6 64bit.... No i didnt restart FF, it didnt say I needed to. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Rob Crittenden [[email protected]] Sent: Tuesday, 22 November 2011 11:10 a.m. To: Steven Jones Cc: [email protected] Subject: Re: [Freeipa-users] Annoying issue with Firefox and kerberos ticket Steven Jones wrote: > Hi, > > I got Firefox on the IPA server (RHEL6.2beta 64bit) working yesterday, today > the Kerberos ticket had expired, so re-run kinit admin and hit re-try but I > still have to re-configure Firefox.....this seems odd....is this a known bug > or am I doing something wrong? How did you reconfigure it? The button again? Did you look to see if it was already configured? Did you try a restart of FF? Firefox in the past, 3.x-era, tended to be a bit flaky with tickets, especially renewing them. I can't recall any problems since 3.6. rob _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
