Internet explorer rejects cookies in kerberos protected intranet sites

Posted by remix_tj on Server Fault See other posts from Server Fault or by remix_tj
Published on 2010-05-28T20:05:06Z Indexed on 2010/05/28 20:12 UTC
Read the original article Hit count: 303

I'm trying to build an intranet site using joomla. The webserver is using HTTP Kerberos authentication with mod_kerb_auth. Everything works fine, the users get authenticated and so on. But if i try to login to the administrator panel i can't because IE does not accept the needed cookies. No such problem with firefox. The intranet site is called "intranet_new" and is hosted by webintranet04, under the directory /var/www/vhosts/joomla/intranet_new/.

I have my virtualhost for intranet_new containing this:

    <Location />
      AuthType Kerberos
      AuthName "Kerberos Login"
      KrbMethodNegotiate On
      KrbMethodK5Passwd On
      KrbAuthRealms PROV.TV.LOCAL
      Krb5KeyTab /etc/apache2/HTTP.keytab
      require valid-user
    </Location>

The same is for webintranet04 virtualhost, which is the default pointing to /var/www and contains:

    <Location /vhosts/joomla/>
      AuthType Kerberos
      AuthName "Kerberos Login"
      KrbMethodNegotiate On
      KrbMethodK5Passwd On
      KrbAuthRealms PROV.TV.LOCAL
      Krb5KeyTab /etc/apache2/HTTP.keytab
      require valid-user
    </Location>

the very strange problem i have is that if i open http:// webintranet04/vhosts/joomla/intranet_new/administrator IE allows me to login, accepting cookie. If i open http:// intranet_new/administrator, instead, i loop on the login page.

Last, intranet_new is a CNAME record of webintranet04.

This is only an IE problem. I need: - the admin interface to work with IE - the "kerberized" zone to accept cookie, because i am deploying other programs requiring cookies.

© Server Fault or respective owner

Related posts about apache

Related posts about active-directory