Re: [Fed-Talk] Is Single Sign On broken in Mavericks?
Re: [Fed-Talk] Is Single Sign On broken in Mavericks?
- Subject: Re: [Fed-Talk] Is Single Sign On broken in Mavericks?
- From: "Miller, Timothy J." <email@hidden>
- Date: Fri, 02 May 2014 12:10:29 +0000
- Thread-topic: [Fed-Talk] Is Single Sign On broken in Mavericks?
Kerberos failures come from a bunch of different sources, so absent an actual KRB_ERROR message and content it's generally going to be difficult to figure out what's wrong. For example, if some bright admin deleted the SPN, or (more likely) moved the service to a new DNS and SPN but left the old address as a CNAME (this works with Windows Kerberos but not anyone else's), you'll fall back from Kerberos to NTLM (assuming a SPNEGO service) and get prompted to authN.
-- T
>-----Original Message-----
>From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-
>bounces+tmiller=email@hidden] On Behalf Of Walls, Bryan K.
>(MSFC-EO50)
>Sent: Thursday, May 01, 2014 5:02 PM
>To: Jim Thomas
>Cc: email@hidden
>Subject: Re: [Fed-Talk] Is Single Sign On broken in Mavericks?
>
>Built in.
>
>Sent from my iPad
>
>On May 1, 2014, at 3:36 PM, "Jim Thomas" <email@hidden> wrote:
>
>
>
> Bryan,
>
> Is this with Apple's built-in AD, or with ADmitMac or Centrify ?
>
> Regards,
>
> Jim Thomas
> Senior Support Specialist
> Thursby Software Systems, Inc.
>
>
>
> On 5/1/14 3:31 PM, Walls, Bryan K. (MSFC-EO50) wrote:
>
>
> Just got a new Mac Pro at work! Running Mavericks with an
>official load.
>
> Single sign on isn't working for me in Safari. I have active TGT
>tickets, but when I access a page I'm not getting in. This worked fine in 10.8.5
>last week, though I was having some weird problems with redirect errors.
>Ultimately, though, I could switch between two sites and get in without
>reauthenticating under 10.8.5, but it doesn't work for me in Mavericks. Asked
>around, and that seems to be the common consensus at NASA. Is that a
>documented feature?
>
> This is SSO from AD user name and password, by the way. Not
>talking PIV.
>
> Bryan Walls
> email@hidden
>
>
>
>
>
>
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>talk/email@hidden
>
> This email sent to email@hidden
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>talk/email@hidden
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden