Re: iceweasel: Kerberos authentication does not work
Lars-Johan Liman <liman-deb@autonomica.se> writes:
> It turns out that there has been a microscopic change in the
> interpretation of the
>
> network.negotiate-auth.trusted-uris
>
> key between Iceweasel 2.x and 3.x. In my version 2.0 config I had set
>
> network.negotiate-auth.trusted-uris https:
>
> but it turns out that that is not sufficient to trigger the Kerberos
> behaviour in Iceweasel 3.0, but when I changed it to
>
> network.negotiate-auth.trusted-uris https://
>
> (note the trailing double-slash) it just started working again.
Oh. Yes. The matching logic there has been very badly underdocumented.
> And, BTW, it is not necessary to set the
>
> network.negotiate-auth.delegation-uris
>
> key to any value. The "trusted-uris" is sufficient - at least in my
> case. :-)
Right, I was talking about the other way around (the original message
mentioned setting only delegation-uris, not trusted-uris, IIRC). You
generally do not want to set delegation-uris unless you have a specific
need, and you *never* want to set it to a wildcard like https://.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: