Closed
Bug 1121654
Opened 9 years ago
Closed 9 years ago
Kerberos-Authentication fails in FF35, wrong SPN
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1108971
People
(Reporter: hanspeter.klapf, Unassigned)
Details
(Keywords: regression)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3; rv:11.0) like Gecko Steps to reproduce: Updated from Firefox 34 to Version 35. Actual results: Kerberos-Authentication on all Intranet-Sites is broken. Comparing the debug-output (nspr_log_modules=negotiateauth:5) there is one big difference between 34 and 35. The latter for uses the cname (intranet.mydomain.at) instead of the (reverse lookup) hostname (myintraserver05). 0[2711140]: service = stp-linz 0[2711140]: using negotiate-sspi 0[2711140]: nsAuthSSPI::Init 0[2711140]: InitSSPI 0[2711140]: Using SPN of [HTTP/intranet.mydomain.at] 0[2711140]: AcquireCredentialsHandle() succeeded. 0[2711140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate] 0[2711140]: entering nsAuthSSPI::GetNextToken() 0[2711140]: InitializeSecurityContext: continue. 0[2711140]: Sending a token of length 40 Expected results: I didn't find an entry in changelog concerning this issue, so I think it is an bug of Version 35. In IE and Chrome the configuration works, as it did in Firefox up to Version 34.
Reporter | ||
Comment 1•9 years ago
|
||
sorry, I made a mistake: in line one of the debug output should be written "service = intranet.mydomain.at", because I replaced that in line five.
Comment 2•9 years ago
|
||
Confirming per bug 1121461, but this seems to have more specific info about what's wrong. Patrick, do you know what could have broken this for 35?
Comment 3•9 years ago
|
||
I almost wonder if this is due to bug 1048468... Hans Peter, do your systems use a pac file?
Flags: needinfo?(hanspeter.klapf)
Reporter | ||
Comment 4•9 years ago
|
||
Yes, we do use a PAC file. Other than described in https://bugzilla.mozilla.org/show_bug.cgi?id=1048468 we had no performance-isses with Firefox at our sites. Intranet sites are listed not to use proxy our PAC file, the Internet proxy should not be involved with DNS resolution, I guess.
Flags: needinfo?(hanspeter.klapf)
Comment 5•9 years ago
|
||
I think it is the same as 1108971
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Flags: needinfo?(mcmanus)
You need to log in
before you can comment on or make changes to this bug.
Description
•