Bug#496933: iceweasel: Kerberos authentication does not work

Lars-Johan Liman <liman-deb <at> autonomica.se> writes:

> It turns out that there has been a microscopic change in the
> interpretation of the 
>
>    network.negotiate-auth.trusted-uris
>
> key between Iceweasel 2.x and 3.x. In my version 2.0 config I had set
>
>    network.negotiate-auth.trusted-uris   https:
>
> but it turns out that that is not sufficient to trigger the Kerberos
> behaviour in Iceweasel 3.0, but when I changed it to
>
>    network.negotiate-auth.trusted-uris   https://
>
> (note the trailing double-slash) it just started working again.

Oh.  Yes.  The matching logic there has been very badly underdocumented.

> And, BTW, it is not necessary to set the
>
>    network.negotiate-auth.delegation-uris
>
> key to any value. The "trusted-uris" is sufficient - at least in my
> case. 

Right, I was talking about the other way around (the original message
mentioned setting only delegation-uris, not trusted-uris, IIRC).  You
generally do not want to set delegation-uris unless you have a specific
need, and you *never* want to set it to a wildcard like https://.

--

-- 
Russ Allbery (rra <at> debian.org)               <http://www.eyrie.org/~eagle/>