Open
Bug 799930
Opened 12 years ago
Updated 2 years ago
Firefox sends Kerberos TGTs over plain HTTP
Categories
(Core :: Networking: HTTP, defect, P3)
Tracking
()
NEW
People
(Reporter: jhorak, Unassigned)
Details
(Whiteboard: [necko-backlog][ntlm])
From: https://bugzilla.redhat.com/show_bug.cgi?id=863106
Description of problem:
When configuring Firefox for Kerberos authentication in some (rare) cases one needs to set network.negotiate-auth.delegation-uris to allow sending the Kerberos TGT to the server. However, it seems that values like https://*.example.com don't work so if a user is using a server which for some reason doesn't require SSL then the TGT will be sent over plain HTTP.
It should be possible to limit TGT transfer over HTTPS only with wildcards like https://*.example.com.
|
||
Updated•12 years ago
|
Component: General → Networking: HTTP
Product: Firefox → Core
|
Reporter | |
Comment 1•12 years ago
|
||
What do you think of it guys? I can do that, but not sure if it is wanted.
|
||
Updated•9 years ago
|
Whiteboard: [necko-backlog][ntlm]
|
||
Comment 2•7 years ago
|
||
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
|
|
||
Comment 3•7 years ago
|
||
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P1 → P3
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•