7311 – Only Microsoft's built in kerberos implementation works on Windows

Bug 7311 - Only Microsoft's built in kerberos implementation works on Windows

Summary: Only Microsoft's built in kerberos implementation works on Windows

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Client (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	LowPrio
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-02-14 15:14 CET by Samuel Mannehed
Modified:	2023-12-01 14:53 CET (History)
CC List:	0 users

See Also:	5816
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Samuel Mannehed cendio

2019-02-14 15:14:05 CET

You can't authenticate with an alternative kerberos implementation in the ThinLinc client on Windows. Only Microsoft's built in implementation works.

See bug 5816 for Heimdal Kerberos authentication.

Comment 2 Pierre Ossman cendio

2019-02-19 12:39:31 CET

The use case is that you in some cases want to use Kerberos authentication against a ThinLinc system that has absolutely nothing to do with the Active Directory domain that your local Windows machine is a part of.

Under Linux you would just do "kinit user@OTHER.REALM", but Windows lacks any such tools. So people install alternative Kerberos implementations for this.

For reference there also floats around a bunch of different patches to add support for this for Putty, so there is some precedence for supporting this model.

Comment 3 Pierre Ossman cendio

2023-12-01 14:12:18 CET

For reference, Firefox supports using GSSAPI instead of SSPI on Windows. Relevant settings are:

 * network.auth.use-sspi
 * network.negotiate-auth.using-native-gsslib
 * network.negotiate-auth.gsslib

Note You need to log in before you can comment on or make changes to this bug.