[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iceweasel: Kerberos authentication does not work

Lars-Johan Liman <liman-deb@autonomica.se> writes:

> It turns out that there has been a microscopic change in the
> interpretation of the 
>    network.negotiate-auth.trusted-uris
> key between Iceweasel 2.x and 3.x. In my version 2.0 config I had set
>    network.negotiate-auth.trusted-uris   https:
> but it turns out that that is not sufficient to trigger the Kerberos
> behaviour in Iceweasel 3.0, but when I changed it to
>    network.negotiate-auth.trusted-uris   https://
> (note the trailing double-slash) it just started working again.

Oh.  Yes.  The matching logic there has been very badly underdocumented.

> And, BTW, it is not necessary to set the
>    network.negotiate-auth.delegation-uris
> key to any value. The "trusted-uris" is sufficient - at least in my
> case. :-)

Right, I was talking about the other way around (the original message
mentioned setting only delegation-uris, not trusted-uris, IIRC).  You
generally do not want to set delegation-uris unless you have a specific
need, and you *never* want to set it to a wildcard like https://.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: