Kerberos-Authentication fails in FF35, wrong SPN

RESOLVED DUPLICATE of bug 1108971

Status

()

Core
Networking
RESOLVED DUPLICATE of bug 1108971
3 years ago
3 years ago

People

(Reporter: hanspeter.klapf, Unassigned)

Tracking

({regression})

35 Branch
x86_64
Windows 7
regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3; rv:11.0) like Gecko

Steps to reproduce:

Updated from Firefox 34 to Version 35.


Actual results:

Kerberos-Authentication on all Intranet-Sites is broken. Comparing the debug-output (nspr_log_modules=negotiateauth:5) there is one big difference between 34 and 35. The latter for uses the cname (intranet.mydomain.at) instead of the (reverse lookup) hostname (myintraserver05).

0[2711140]:   service = stp-linz
0[2711140]:   using negotiate-sspi
0[2711140]:   nsAuthSSPI::Init
0[2711140]:   InitSSPI
0[2711140]: Using SPN of [HTTP/intranet.mydomain.at]
0[2711140]: AcquireCredentialsHandle() succeeded.
0[2711140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
0[2711140]: entering nsAuthSSPI::GetNextToken()
0[2711140]: InitializeSecurityContext: continue.
0[2711140]:   Sending a token of length 40


Expected results:

I didn't find an entry in changelog concerning this issue, so I think it is an bug of Version 35. In IE and Chrome the configuration works, as it did in Firefox up to Version 34.
(Reporter)

Comment 1

3 years ago
sorry, I made a mistake: in line one of the debug output should be written "service = intranet.mydomain.at", because I replaced that in line five.

Comment 2

3 years ago
Confirming per bug 1121461, but this seems to have more specific info about what's wrong.

Patrick, do you know what could have broken this for 35?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(mcmanus)
Keywords: regression

Comment 3

3 years ago
I almost wonder if this is due to bug 1048468... Hans Peter, do your systems use a pac file?
Flags: needinfo?(hanspeter.klapf)
(Reporter)

Comment 4

3 years ago
Yes, we do use a PAC file. Other than described in https://bugzilla.mozilla.org/show_bug.cgi?id=1048468 we had no performance-isses with Firefox at our sites. 

Intranet sites are listed not to use proxy our PAC file, the Internet proxy should not be involved with DNS resolution, I guess.
Flags: needinfo?(hanspeter.klapf)
I think it is the same as 1108971
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1108971
Flags: needinfo?(mcmanus)
You need to log in before you can comment on or make changes to this bug.