13.2. Configuring Firefox to use Kerberos for single sign-on
You can configure Firefox to use Kerberos for single sign-on (SSO) to intranet sites and other protected websites. To do so, you first have to configure Firefox to send Kerberos credentials to the appropriate Key Distribution Center (KDC).
Even after Firefox is configured to pass Kerberos credentials, it still requires a valid Kerberos ticket to use. To generate a Kerberos ticket, use the kinit
command and supply the user password for the user on the KDC.
[jsmith@host ~] $ kinit Password for jsmith@EXAMPLE.COM:
Procédure
-
In the address bar of Firefox, type
about:config
to display the list of current configuration options. -
In the
Filter
field, typenegotiate
to restrict the list of options. -
Double-click the
network.negotiate-auth.trusted-uris
entry. Enter the name of the domain against which to authenticate, including the preceding period (.). If you want to add multiple domains, enter them in a comma separated list.
Figure 13.1. Manual Firefox Configuration
Ressources supplémentaires
- For information about configuring Firefox to use Kerberos in Identity Management, see the corresponding section in the Linux Domain Identity, Authentication, and Policy Guide.