There have been mixed reports that Firefox 10 doesn't work with an S4U2Proxy configured server. The TGT isn't delegating resulting in no ccache for IPA.
Ok turns out this bug is quite different from what it seemed to be initially.
And it is actually 2 bugs (took me hours in gdb to figure it all out, bleah).
So one bug is in krb5 1.9 and is not present in 1.10. The bug in 1.9 is upstream ticket http://krbdev.mit.edu/rt/Ticket/Display.html?id=6894 so we have a fix and is now tracked against Fedora 16 in https://bugzilla.redhat.com/show_bug.cgi?id=799150
The other bug is due to the way expiration times are checked in our framework.
I am sending a patch for that on freeipa-devel.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=799161
BZ 799161 is against krb5 in RHEL 6.3.
Use correct principal to test ticket:
master: 03fc5c3
ipa-2-2: 079bbaa
Metadata Update from @rcritten: - Issue assigned to simo - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
Login to comment on this ticket.