Single Sign On (SSO) from Firefox on Ubuntu

I am trying to get single sign on working from Firefox version 3.6.6 running on Ubuntu 10.04 LTS Lucid Lynx to IIS 7 on Windows Server 2008.

If I type

kinit

then

kinit -S HTTP/mydomain.com

the resulting in a klist that looks like this

Ticket cache: FILE:/tmp/krb5cc_2040529396

Default principal: administrator@MYDOMAIN.COM

Valid starting Expires Service principal

07/24/10 18:20:26 07/25/10 04:20:29 HTTP/mydomain.com@MYDOMAIN.COM

renew until 07/25/10 18:20:26

And single sign on to a website on mydomain.com works perfectly. Yippee!

But if I type

kinit

then

kvno HTTP/mydomain.com

resulting in a klist that looks like this

Ticket cache: FILE:/tmp/krb5cc_2040529396

Default principal: administrator@MYDOMAIN.COM

Valid starting Expires Service principal

07/24/10 18:23:42 07/25/10 04:23:47 krbtgt/MYDOMAIN.COM@MYDOMAIN.COM

renew until 07/25/10 18:23:42

07/24/10 18:24:10 07/25/10 04:23:47 HTTP/mydomain.com@MYDOMAIN.COM

renew until 07/25/10 18:23:42

then navigating to a website on mydomain.com prompts for username and password :-(

It looks to me as if firefox is just taking the first ticket from the cache that matches the domain name

(ie the krbtgt ticket) rather than the correct HTTP ticket. Could that really be the problem???

I would LOVE some help. Does anyone recognise this problem? Does anyone h开发者_StackOverflowave an idea as to how I can go about further diagnosing the problem. Thanks

I had foolishly added a firefox configuration (about:config) entry to network.negotiate-auth.delegation.uris. Returning this value to the blank default got everything working smoothly.