5

I have an Intranet http application running on several machines in our Windows domain; everything works when using IE 7 because I can configure it to use Kerberos authentication and I've figured out how to get one of the intermediate machines to be Trusted for Delegation.

I have researched and tried to get Firefox 3.0.10 to use Kerberos:

  • navigate to about:config
  • filter to network.negotiate
  • update network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris with the following entries (separated by commas): http://jupiter2000/trimbrokerclient,http://johnxp/fileservicedemo

I have done this and even restarted Firefox and when I browse to the above sites on our LAN, I still get prompted for username and password and even when I supply them and the web page is loaded, I have some code in the app which displays the authentication method in effect and it is still NTLM, not Kerberos as when IE is used.

Can someone comment on how to get Firefox usable on this Intranet application of mine? Thank you.

p.s. while the names above are different, the app is the same. JUPITER2000 is IIS 6.0; JOHNXP is IIS 5.1.

Simon
John Adams

3 Answers

6

From what I have done myself, you will only want to input the domain, and not the http:// or path.

Jordan S. Jones
  • Thank you; I reduced my entries to simply read as: jupiter2000,johnxp which are the machine names within our Active Directory domain where the web app is deployed for this intranet application. I also had to add this same entry to: network.automatic-ntlm-auth.trusted-uris. So in summary, the computer names in the domain must be added to the above entry and to these: network.negotiate-auth.delegation-uris, network.negotiate-auth.trusted-uris – John Adams May 01 '09 at 15:50
  • Can this be done for all NETBIOS names (i.e. Trust the entire intranet)? Configuring this for example.com would work for WebServer01.example.com but not for WebServer01. You could add an entry for each server, but that would be impractical if there are many. – Gary May 04 '11 at 17:38
3

There are 5 settings that need to be changed in Firefox. Only the domain is necessary.

See them all here:

FireFox settings for Integrated Windows Authentication

Devendra D. Chavan
Daniel
0

You must use just the server name:

jupiter2000,johnxp
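
The fix the answers describe, as an added example that is not code from any of the posters: it reduces URL-style entries to bare host names and emits Firefox `user.js` lines for the three preferences named in the thread. The function names (`toHost`, `hostList`, `userJs`) are hypothetical helpers, and the input is the entry list from the question.

```javascript
// Added example: normalise intranet URLs to the bare host names the answers
// recommend, then emit user.js lines for the three preferences from the thread.
const PREFS = [
  "network.negotiate-auth.trusted-uris",
  "network.negotiate-auth.delegation-uris",
  "network.automatic-ntlm-auth.trusted-uris",
];

// Reduce one entry ("http://host/path", "HOST:80", "host") to a bare host name.
// Returns null when the entry is empty or cannot be parsed.
function toHost(entry) {
  const trimmed = entry.trim();
  if (trimmed === "") return null;
  // URL() needs a scheme; add one when the entry is already host-only.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed);
  try {
    const host = new URL(hasScheme ? trimmed : "http://" + trimmed).hostname;
    return host === "" ? null : host.toLowerCase();
  } catch {
    return null;
  }
}

// Turn a comma-separated pref value into a de-duplicated host-only list and
// report the entries that could not be reduced to a host.
function hostList(raw) {
  const hosts = [];
  const rejected = [];
  for (const entry of raw.split(",")) {
    const host = toHost(entry);
    if (host === null) {
      if (entry.trim() !== "") rejected.push(entry.trim());
    } else if (!hosts.includes(host)) {
      hosts.push(host);
    }
  }
  return { value: hosts.join(","), rejected };
}

// Build the user.js lines that set all three preferences to the same list.
function userJs(raw) {
  const value = JSON.stringify(hostList(raw).value);
  return PREFS.map((p) => `user_pref(${JSON.stringify(p)}, ${value});`).join("\n");
}

// Entry list exactly as typed in the question (scheme and path included).
const original = "http://jupiter2000/trimbrokerclient,http://johnxp/fileservicedemo";
console.log(userJs(original));
```

Placing the printed lines in `user.js` in the Firefox profile directory has the same effect as editing the values in about:config.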