Hey List,
I have been setting up SSO on our Intranet Apache server. All seems well, I think I have just about cracked it but it seems a little rough around the edges;
I enabled auth_mod_kerb, and created a test directory in my web root (/secure) and added a directory directive under the httpd.conf, I created a user in Active Ditectory, used ktpass.exe to map the user to the service principal and put the key tab on the Apache server and all seems well.
I am testing this with FireFox and Internet Explorer (Both on Windows XP Pro SP3 Client). FireFox works only with the FQDN of the Intranet server (and not just http://hostname/secure, this gives an authentication error), and only with our domain name set in "network.negotiate-auth.delegation-uris" and in "network.negotate-auth.trusted-uris".
Internet Explorer however only works with http://hostname/secure and not f.q.d.n/secure? (Integrate with Windows Authentication IS enabled).
Obviously as this point the reason I am posting here is because I am trying to eliminate the reasons for this. If it is a client side problem I need to seeks some more savvy IE/Windows users maybe but I am posting here to enquire if anyone has any thoughts about it possibly being DNS related or some sort of server misconfiguration?
uname -a Linux hades.nr5project.co.uk 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:19:18 EDT 2009 i686 i686 i386 GNU/Linux
Apache/2.2.11 (Unix) mod_auth_kerb/5.4 DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Thanks for reading.