Hello List, I have found an inconsistency between IE and Firefox with respect to Keberos cross realm authentication.
I have two Windows domains W.NET and B.W.NET. If I setup SSO on a Linux web server lws.b.w.net and create the HTTP service account in the B.W.NET realm all works fine with both FF and IE. However, if I create the HTTP service in the parent domain W.NET, IE can sucessfully perform SSO whereas FF cannot. >From looking at a capture of the failure I see the following: C: KRB5 TGS-REQ for HTTP/lws.b.w.net S: KRB5 TGS-REP with krbtgt/W.NET C: DNS SRV query for _kerberos-master._udp.B.W.NET S: DNS No such name Can anyone explain this behavior and tell me if it is consistent with what is supposed to happen? Mike -- Michael B Allen PHP Active Directory Kerberos SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
