Quantal
requesting sharepointsite.testdomain with firefox with the following option set in about:config
network.negotiate-auth.trusted-uris "https://, http://"
klist
====================================================================================================Default principal: <email address hidden>
Valid starting Expires Service principal
27/02/2013 08:35 27/02/2013 18:35 <email address hidden>
renew until 28/02/2013 08:35
====================================================================================================
Valid starting Expires Service principal
27/02/2013 08:35 27/02/2013 18:35 <email address hidden>
renew until 28/02/2013 08:35
27/02/2013 08:37 27/02/2013 18:35 HTTP/searchsite.testdomain@
renew until 28/02/2013 08:35
27/02/2013 08:37 27/02/2013 18:35 <email address hidden>
renew until 28/02/2013 08:35
====================================================================================================
This results in a request for a ticket for the wrong name and no sso.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
retest Quantal
option rdns not set
requesting sharepointsite.testdomain with firefox with the following option set in about:config
network.negotiate-auth.trusted-uris "https://, http://"
klist
====================================================================================================
Default principal: <email address hidden>
Valid starting Expires Service principal
27/02/2013 08:53 27/02/2013 18:53 <email address hidden>
renew until 28/02/2013 08:53
27/02/2013 08:54 27/02/2013 18:53 HTTP/searchsite.testdomain@
renew until 28/02/2013 08:53
27/02/2013 08:54 27/02/2013 18:53 <email address hidden>
renew until 28/02/2013 08:53
Quantal testdomain with firefox with the following option set in about:config negotiate- auth.trusted- uris "https://, http://" ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==Default principal: <email address hidden>
requesting sharepointsite.
network.
klist
=======
Valid starting Expires Service principal ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
27/02/2013 08:35 27/02/2013 18:35 <email address hidden>
renew until 28/02/2013 08:35
=======
option rdns=false ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
klist
=======
Default principal: <email address hidden>
Valid starting Expires Service principal .testdomain@ ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
27/02/2013 08:35 27/02/2013 18:35 <email address hidden>
renew until 28/02/2013 08:35
27/02/2013 08:37 27/02/2013 18:35 HTTP/searchsite
renew until 28/02/2013 08:35
27/02/2013 08:37 27/02/2013 18:35 <email address hidden>
renew until 28/02/2013 08:35
=======
This results in a request for a ticket for the wrong name and no sso.
%%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%
Rebuilding kerberos for quantal krb5/os/ sn2princ. c
// hints.ai_ flags = AI_CANONNAME | AI_ADDRCONFIG;
hints. ai_flags = AI_CANONNAME;
apt-get build-dep libkrb5-3
apt-get source libkrb5-3
edit src/lib/
rebuild: 3...... ...deb
fakeroot debian/rules binary
dpkg -i ../libkrb5-
%%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %%%%%%% %% testdomain with firefox with the following option set in about:config negotiate- auth.trusted- uris "https://, http://" ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
retest Quantal
option rdns not set
requesting sharepointsite.
network.
klist
=======
Default principal: <email address hidden>
Valid starting Expires Service principal .testdomain@
27/02/2013 08:53 27/02/2013 18:53 <email address hidden>
renew until 28/02/2013 08:53
27/02/2013 08:54 27/02/2013 18:53 HTTP/searchsite
renew until 28/02/2013 08:53
27/02/2013 08:54 27/02/2013 18:53 <email address hidden>
renew until 28/02/2013 08:53
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
option rdns=false ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
klist
=======
Default principal: <email address hidden>
Valid starting Expires Service principal site.testdomain @ ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ==
27/02/2013 08:59 27/02/2013 18:59 <email address hidden>
renew until 28/02/2013 08:59
27/02/2013 09:00 27/02/2013 18:59 HTTP/sharepoint
renew until 28/02/2013 08:59
27/02/2013 09:00 27/02/2013 18:59 <email address hidden>
renew until 28/02/2013 08:59
=======
Now the setting rdns=false causes sso to work.