Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Kerberos Authentication Not Working on OS X 10.6

  • 1 reply
  • 2 have this problem
  • 3 views
  • Last reply by richardmm

more options

Using FF version 20.0, on OS X 10.6.8, I can not get it to use Kerberos authentication to allow SSO to a SharePoint web site.

On OS X 10.8, with the same configuration in the about:config, everything works fine - the user is not prompted for credentials.

I have put the necessary entires in network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.gsslib is set to true.

When I have setup to log the errors from the authentication module, I find in the log file "Fail to load gssapi library".

Interestingly on 10.8, when I start Firefox from the command line the Kerberos authentication does not work. When I start it via the icon, it does. What is the difference? Are the preferences not being loaded when launching via the command line?

Thanks for any help, Richard

Using FF version 20.0, on OS X 10.6.8, I can not get it to use Kerberos authentication to allow SSO to a SharePoint web site. On OS X 10.8, with the same configuration in the about:config, everything works fine - the user is not prompted for credentials. I have put the necessary entires in network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.gsslib is set to true. When I have setup to log the errors from the authentication module, I find in the log file "Fail to load gssapi library". Interestingly on 10.8, when I start Firefox from the command line the Kerberos authentication does not work. When I start it via the icon, it does. What is the difference? Are the preferences not being loaded when launching via the command line? Thanks for any help, Richard

Chosen solution

Found the solution:

Was a combination of kinit being run on login (apparently a known 10.6 bug). Our Mac team were able to alter the appropriate plist file so that this does happen on login.

We also had to add an extra SPN for the actual server, as well as the DNS name of the SharePoint site we were trying to access with Kerberos authentication - although this may have something to do with using host-named site collections at the SharePoint end.

Main problem was the kinit thing though.

Read this answer in context 👍 1

All Replies (1)

more options

Chosen Solution

Found the solution:

Was a combination of kinit being run on login (apparently a known 10.6 bug). Our Mac team were able to alter the appropriate plist file so that this does happen on login.

We also had to add an extra SPN for the actual server, as well as the DNS name of the SharePoint site we were trying to access with Kerberos authentication - although this may have something to do with using host-named site collections at the SharePoint end.

Main problem was the kinit thing though.