This document covers the two main activities performed by a user of the CUKerberos for Firefox extension: logging into Kerberos (TGT acquisition) and configuring the extension with knowledge of properly configured web servers.
Last Update - release 0.0.3 - 20070402
Log In - TGT Acquisition
Before the extension can send credentials you must "log in to Kerberos" (in other words, acquire a TGT). This is done as follows.
- Windows
- Start -> Run ... sidecar.exe ... <enter>
- Right-click on the key in the system tray and log in as usual
Note: You may think of this as "logging into SideCar". This isn't strictly accurate. You're actually logging into Kerberos (acquiring a TGT).
- Linux
- kinit -4 NetID@CIT.CORNELL.EDU
Configuration of Known Servers
CUKerberos for Firefox adds a menu item to the Tools menu ("CUKerberos Server List"). The extension implements a primitive substring match (against the Server Pattern field in the Known Server List) on the Host header of each request in order to determine whether or not it should add credentials to the request. In the current release of the extension you must explicitly add an entry to this list for each server you want to use with the extension.
Warning: The CUWebAuth module on the server must be configured to allow inline authentication ("CUWAproxyAllow direct" - the recommended setting in the current CUWebAuth manual) for the inline credentials generated by the extension to be honored.
Option 1 - Try a Discover
You can interrogate a CUWebAuth server to discover its service and instance parameters.
Note: the CUWebAuth module on the server must be configured to allow inline authentication for the URL you provide to the Discover button
Note: due to a bug in the Discover button you must NOT have a TGT (be "logged out" from kerberos) before a Discover will work
Before:
Click add, enter a known CUWebAuth protected URL into the Server Pattern field...
... and click on Discover ...
... and update the Server Pattern to the hostname of the server ...
... and click OK:
Option 2 - Manually add a server
If you know the service / instance components of the server's k4 principal you can add them manually as follows.
Before:
Click add and fill out the dialog box...
... and click OK: