Closed
Bug 537903
Opened 15 years ago
Closed 13 years ago
Use CNAME for SPN in Firefox doesn't work
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: bernd.aschenbrenner, Unassigned)
Details
(Whiteboard: [CLOSEME 2011-1-30])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) We have two CISCO 6500 Content Switching Modules with two GSS in Front of them. There ist a CNAME elakneut.magwien.gv.at to login to the Application. When you connect to the application, you connect to the IP-address 10.152.252.145. But if a Reverse Lookup is made für taking a Kerberos Ticket, you get the Name "elakneut.gslb.magwien.gv.at". Firefox sends this ticket to the Apache. When the apache compares the refferer with the principal in the kerberos ticket, they are different (reffer: elakneut.magwien.gv.at; Princ in ticket is elakneut.gslb.magwien.gv.at). There is a new wininet.dll from Microsoft with a Fix for the Internet-Explorer versio 6 oder higher. It's documented there http://support.microsoft.com/kb/911149. Can anybody build a fix for Firefox? Dears Bernd Aschenbrenner Reproducible: Always Steps to Reproduce: 1. Login to the Web-Site via Kerberos 2. In the Error-Log of the apache you'll see krb5_144 Actual Results: When you have a CName, thata is different to the "servername", you'll get problems with kerberos authentication, when firefox does a reverse lookup. I'll get a failure in the apache error log [Tue Jan 05 11:21:56 2010] [error] [client 10.152.253.145] mod_spnego: gss_accept_sec_context failed; GSS-API: Unspecified GSS failure. Minor code may provide more information), referer: https://elakneut.magwien.gv.at/fscelak/ [Tue Jan 05 11:21:56 2010] [error] [client 10.152.253.145] mod_spnego: gss_accept_sec_context failed; GSS-API mechanism: Unknown code krb5 144), referer: https://elakneut.magwien.gv.at/fscelak/ Expected Results: The Software should Log in to the Web-Site and send a krb5 ticket with the Principal "elakneut.magwien.gv.at"
Comment 1•14 years ago
|
||
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing. http://support.mozilla.com/kb/Safe+Mode http://support.mozilla.com/kb/Managing+profiles You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Whiteboard: [CLOSEME 2011-1-30]
Comment 2•13 years ago
|
||
No reply, INCOMPLETE. Please retest with Firefox 3.6.13 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
Comment 3•12 years ago
|
||
This is still a problem in firefox 13.0.1 It would be very nice to get it fixed. There are articles referencing the same problem with Microsofts Internet explorer: http://technet.microsoft.com/en-us/library/gg502606.aspx regards Erik
I see the same problem in firefox 22.0 The hotfix for IE works but couldn't get any version of Firefox to work. Please suggest.
Comment 5•11 years ago
|
||
Hi! The bug is still present in Firefox 23.0.1 on Linux. Cheers
Comment 6•11 years ago
|
||
Hi! I'm sorry for my last comment, I think I did a mistake, I can't reproduce the bug and everything seems to work just fine with CNAMEs. All my apologies Cheers
You need to log in
before you can comment on or make changes to this bug.
Description
•