summaryrefslogtreecommitdiffstats
path: root/install/html/ssbrowser.html
blob: 37dbcb40750d6c649ad2ae583c79c82150783e84 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Browser Kerberos Setup</title>
</head>
<body>
    <h2>Browser Kerberos Setup</h2>
    <h3> Internet Explorer Configuration </h3>
<p>Once you are able to log into the workstation with your kerberos key you should be able to use that ticket in Internet Explorer. For illustration purposes his page will use EXAMPLE.COM as the sample realm and example.com for the domain.
</p>
<ul><li> Login to the Windows machine using an account of domain EXAMPLE.COM

</li><li> In Internet Explorer, click Tools, and then click Internet Options.
</li></ul>
<ol><li> Click the Security tab.
</li><li> Click Local intranet.
</li><li> Click Sites
</li><li> Click Advanced
</li><li> Add *.example.com to the list

</li></ol>
<ul><li> In Internet Explorer, click Tools, and then click Internet Options.
</li></ul>
<ol><li> Click the Security tab.
</li><li> Click Local intranet.
</li><li> Click Custom Level
</li><li> Select Automatic logon only in Intranet zone.
</li></ol>
<ul><li> Visit a kerberized web site using IE. You must use the fully-qualified DN in the URL.
</li><li> If all went right, it should work.

</li></ul>
<h3 class="title">Firefox Configuration</h3>
<p>
You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <span class="abbrev">KDC</span>.The following section describes the configuration changes and other requirements to achieve this.
</p>
<ol class="arabic">
<li>
<p>
In the address bar of Firefox, type <b class="userinput"><tt>about:config</tt></b> to display the list of current configuration options.
</p>
</li>

<li>
<p>
In the <span><b class="guilabel">Filter</b></span> field, type <b class="userinput"><tt>negotiate</tt></b> to restrict the list of options.
</p>
</li>
<li>
<p>
Double-click the <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> entry to display the <span class="emphasis"><em>Enter string value</em></span> dialog box.

</p>
</li>
<li>
<p>
Enter the name of the domain against which you want to authenticate, for example, <i class="replaceable"><tt>.example.com</tt></i>.
</p>
</li>
<li>
<p>
Repeat the above procedure for the <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> entry, using the same domain.
</p>
</li>

</ol>
</body>
</html>