Description of problem:
Firefox 43 does not allow the Kerberos extension to be installed in Fedora
ipa/config/browserconfig.html on the IPA server no longer works.
On existing installs Firefox disables the extension.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
See https://fedorahosted.org/freeipa/ticket/4906
What version? FreeIPA 4.3 which is available in rawhide doesn't suggest to install extension for Firefox >= 40 https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a94f3e5be88aec378e62f8696ca928635e0569a5
Here is what you can see on Firefox configuration page in IPA 4.3:
---------------------------------------------------------------
Firefox configuration

Step 1
Make sure you select all three checkboxes.

Step 2
In the address bar of Firefox, type about:config to display the list of current configuration options.
In the Filter field, type negotiate to restrict the list of options.
Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.
Enter the name of the domain against which you want to authenticate, for example, .example.com.

Step 3
---------------------------------------------------------------
I have freeipa-server-4.1.4-4.fc22.x86_64 installed and running
So this is not an issue in Rawhide then.
It is an issue for rawhide clients.
It is also an issue for all Fedora clients regardless of the version.
Dennis, can you elaborate? As far as I understand the issue, Kerberos extension should not be installed for Firefox 40 and above, but rather a manual procedure should be used. This procedure is documented in all FreeIPA releases starting from 4.3, but works with the older releases too:
1.) go to about:config
2.) set network.negotiate-auth.trusted-uris with *domain.name
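A check of the manual setting described above, as an added example that is not part of the original thread or of FreeIPA: it reads the text of a Firefox profile's prefs.js or user.js and reports whether network.negotiate-auth.trusted-uris covers the expected domain, listing any entries outside it. The function names and sample file contents are constructed, and the host comparison is a simplified suffix check, not Firefox's own matcher.

```python
import re

PREF = "network.negotiate-auth.trusted-uris"
# Profile pref files hold lines of the form: user_pref("name", "value");
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"((?:[^"\\]|\\.)*)"\s*\)\s*;', re.M)

def trusted_uris(prefs_text):
    """Return the comma-separated entries of the pref; the last definition wins."""
    value = ""
    for name, raw in PREF_RE.findall(prefs_text):
        if name == PREF:
            value = raw
    return [e.strip() for e in value.split(",") if e.strip()]

def audit(prefs_text, domain):
    """Sort entries into those inside `domain` and those outside it."""
    wanted = domain.lstrip(".").lower()
    inside, outside = [], []
    for entry in trusted_uris(prefs_text):
        # Reduce "scheme://host:port/path" or ".domain" to a bare host name.
        host = re.sub(r"^[a-z]+://", "", entry.lower())
        host = host.split("/")[0].split(":")[0].lstrip(".")
        if host == wanted or host.endswith("." + wanted):
            inside.append(entry)
        else:
            outside.append(entry)
    return {"configured": bool(inside), "inside": inside, "unexpected": outside}

# Constructed sample pref files (not taken from a real profile).
SAMPLE_OK = ('user_pref("browser.startup.page", 3);\n'
             'user_pref("network.negotiate-auth.trusted-uris", ".example.com");\n')
SAMPLE_BROAD = ('user_pref("network.negotiate-auth.trusted-uris", '
                '".example.com, https://, intranet.other.test");\n')
SAMPLE_MISSING = 'user_pref("browser.startup.page", 3);\n'

if __name__ == "__main__":
    for label, text in [("ok", SAMPLE_OK), ("broad", SAMPLE_BROAD),
                        ("missing", SAMPLE_MISSING)]:
        print(label, audit(text, ".example.com"))
```
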
My IPA server is on a fully updated Fedora 22 server. Regardless of the client OS I use to access the server, I get offered the extension to be installed on Firefox greater than 40. At the least you need to backport disabling the extension to all supported releases. There are ways to get your extension signed by Mozilla.
FreeIPA on F23 will receive an update to version 4.2.4 which has the ticket - probably in 3 weeks. As for F22, I would avoid updating to 4.1.5. That release was not very well tested and therefore it is safer to stay on 4.1.4 for the remaining 5 or so months (F22 EOL). That said, F22 can receive a backport of the patch for ticket #4966.

Demo of the new config page: http://ipa.demo1.freeipa.org/ipa/config/browserconfig.html
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.