243850 - Kerberos (GSSAPI) credentials not used in 1.7RC1

Status: VERIFIED INVALID

(Core :: Networking: HTTP, defect)

Description

[Giuseppe Paterno']

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316

Hi there! I'm using Mozilla 1.7 RC1 recompiled from source.
I am logged in via Kerbeors (klist shows my tickets) and trying to connect to an
Apache with mod_auth_kerberos. It pops up an authorization prompt asking for
username and password: it seems strange since I got my kerberos ticket in cache
and it should use it.

With Mozilla 1.6 and the Negotiateauth plugin (http://negotiateauth.mozdev.org/)
the authentication works fine.

Reproducible: Always
Steps to Reproduce:
1.Apache with mod_auth_kerberos
2.Kerberos setup (KDC + client)
3.Mozilla 1.7 RC1

Actual Results:  
An authentication pop-up appears asking for Kerberos credentials

Expected Results:  
It should use my stored credentials in Kerberos cache.

Comment 1

[Frederic Bezies]

As 1.7rc2 just released, can you please try with this new version ?

Thanks.

Comment 2

[Darin Fisher]

If you are visiting a non-HTTPS site, then you will need to set a preference. 
Otherwise, Mozilla will not by default handle Kerberos auth.

Go to about:config, and add http://domain.com to this pref:

  network.negotiate-auth.trusted-uris

e.g.

  https://,http://domain.com

If that fixes the problem, then we can mark this bug report invalid.

Comment 3

[Giuseppe Paterno']

The problem was fixed both on Linux and MacOS X using the parameters:

network.negotiate-auth.trusted-uris

This applies also to RC1
Thank you very much!

Comment 4

[Darin Fisher]

Great!  At some point, we should really add a user-interface for configuring
this stuff :-)

Comment 5

[benc]

V/invalid, and I know I should doc this pref when I have a chance.