Bug 450313

Summary: Any changes in Firefox 3's configuration
Product: [Retired] freeIPA Reporter: Eric Desgranges <eric>
Component: DocumentationAssignee: Rob Crittenden <rcritten>
Status: CLOSED NOTABUG QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: low    
Version: 1.0CC: benl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-16 12:58:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 431020    

Description Eric Desgranges 2008-06-06 16:39:16 UTC 
Following the Using_a_Browser_on_Another_System's instructions to connect to the
ipa server with Firefox 3 Beta 5 (installed on Fedora 9), I keep getting
"Kerberos Authentication Failed", etc... even though kinit admin succeeded. 

I just tried the same url with the text browser elinks and it goes through!

Are there any changes needed for Firefox 3 than those listed on the documentation?
Comment 1 Rob Crittenden 2008-06-09 14:10:32 UTC 
Look in about:config and search for 'negot'. It should look something like this,
but with better formatting:

network.negotiate-auth.allow-proxies true
network.negotiate-auth.delegation-uris example.com
network.negotiate-auth.gsslib <empty>
network.negotiate-auth.trusted-uris example.com
network.negotiate-auth.using-native-gsslib true

There is some good documentation, with screenshots, on how to setup negotiation
in general at http://people.redhat.com/mikeb/negotiate/

At the bottom is information on how to have the browser generate a log of what
it is doing that can be helpful.

Alternatively you can try the autoconfigure button that should be on the
Kerberos Authentication failed page. You need to first import and trust the CA
(select all 3 checkboxes) and restart the browser. Then click the button and
accept that it will change your browser prefs and you should be ok.
Comment 2 Eric Desgranges 2008-06-12 18:03:33 UTC 
That is what I had done, trying both methods. I'm currently working on something
else, I'll give it a second try and keep you updated.
Comment 3 Eric Desgranges 2008-06-16 10:27:00 UTC 
I finally got Firefox 3 Beta 5 working. By default it is much more sensitive to
SSL certificates checking, I guess that's why I couldn't get in until I got a
certificate from a known authority.
Comment 4 Rob Crittenden 2008-06-16 12:58:09 UTC 
Glad you got things working. Closing bug.