
I am deploying Linux/Firefox on a corporate Kerberos network.

I followed this Kerberos-on-Firefox procedure, but Firefox still does not connect via the company's Kerberos.

I am using Firefox 3.0.18 on RedHat EL Server 5.5.

Here is what I did:

  • Run kinit on the command line to create a Kerberos ticket
  • Check with klist: the ticket is valid until tomorrow, service principal is krbtgt/DC.THECOMPANY.COM@DC.THECOMPANY.COM.
  • In Firefox, set network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris to .dc.thecompany.com.
  • Load the company's portal page via its full hostname: http://server37.thecompany.com/alfresco. (note: server37 is actually the machine I am running Firefox on, but that should not be a problem I guess)

PROBLEM: the company's intranet portal still serves me the login/password page. The same portal correctly uses Kerberos on Internet Explorer/Windows 7 machines, same settings, and shows the user's personal page.

The server does not see any Kerberos request coming.
Did I do something wrong?

I enabled NSPR_LOG_MODULES=negotiateauth:5 as explained here, but the log file stays empty.

Nicolas Raoul
  • Note: This question is actually on-topic. "Server Fault is for Information Technology Professionals needing expert answers related to managing computer systems in a professional capacity", in particular "desktop infrastructure" is on-topic. – Nicolas Raoul Jun 25 '12 at 08:43

1 Answer


The network.negotiate-auth.trusted-uris should be .thecompany.com or server37.thecompany.com, not .dc.thecompany.com. Your server was not in the list of trusted URIs and Firefox never tried to use Negotiate authentication.

For security reasons, I would also enable SSL (HTTPS).

Mircea Vutcovici
  • Actually, I also tried `.thecompany.com` (for both variables), and it does not work... – Nicolas Raoul Jun 26 '12 at 04:11
  • Use Wireshark or Firebug to see the HTTP headers. Search for the authentication headers. If "Negotiate" is missing, this means that the server is not trusted by the browser. – Mircea Vutcovici Jun 26 '12 at 05:40
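
The header check suggested in the last comment, as an added example that is not part of the original thread: it reads a captured server response and the browser's follow-up request and reports how far the Negotiate handshake got. The function names and sample captures are constructed for illustration; the token classification assumes NTLM tokens begin with `NTLMSSP\0` and GSS-API (SPNEGO/Kerberos) tokens begin with byte 0x60.

```python
import base64

def parse_headers(raw):
    """Split a raw header block into (start line, {lowercased name: [values]})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def token_kind(b64_token):
    """Classify a Negotiate token by its first bytes."""
    data = base64.b64decode(b64_token)
    if data.startswith(b"NTLMSSP\x00"):
        return "ntlm"          # NTLM carried inside Negotiate, not Kerberos
    if data[:1] == b"\x60":    # GSS-API initial token, as used by SPNEGO/Kerberos
        return "gssapi"
    return "unknown"

def diagnose(response, retry_request=None):
    """Say how far the Negotiate handshake got in one captured exchange."""
    status, resp = parse_headers(response)
    schemes = [v.split()[0].lower() for v in resp.get("www-authenticate", []) if v]
    if status.split()[1] != "401" or "negotiate" not in schemes:
        return "server did not offer Negotiate"
    _, req = parse_headers(retry_request or "GET / HTTP/1.1")
    for value in req.get("authorization", []):
        parts = value.split()
        if len(parts) == 2 and parts[0].lower() == "negotiate":
            return "browser answered with " + token_kind(parts[1]) + " token"
    return "browser did not answer: check network.negotiate-auth.trusted-uris"

# Constructed sample captures (not taken from the original thread).
LOGIN_PAGE = "HTTP/1.1 200 OK\nContent-Type: text/html\n"
CHALLENGE = "HTTP/1.1 401 Unauthorized\nWWW-Authenticate: Negotiate\n"
PLAIN_RETRY = "GET /alfresco HTTP/1.1\nHost: server37.thecompany.com\n"
GSS_TOKEN = base64.b64encode(b"\x60\x82\x01\x00" + bytes(8)).decode()
NTLM_TOKEN = base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()

if __name__ == "__main__":
    print(diagnose(LOGIN_PAGE))
    print(diagnose(CHALLENGE, PLAIN_RETRY))
    print(diagnose(CHALLENGE, PLAIN_RETRY + "Authorization: Negotiate " + GSS_TOKEN + "\n"))
    print(diagnose(CHALLENGE, PLAIN_RETRY + "Authorization: Negotiate " + NTLM_TOKEN + "\n"))
```

A result of "server did not offer Negotiate" points at the server or portal configuration rather than at the Firefox preferences.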