I ran some tests on Kerberos and found out some strange behavior related to Firefox and Kerberos. I have a server running Apache + mod_auh_kerb which is configured to check kerberos credential when serving requests from clients. Kerberos authentication is performed and user without valid credentials are rejected. However, I do not understand the following:
Once the first request is made, a TGS is cached on the client in /tmp/krb5ccXXXX, but a network capture revealed that firefox request a TGS for every single connections. As my service ticket is cached then why isn't it re-used for other requests ? Every connections are as follows:
client = GET index.html => server
client <= 401 Auth required = server
client = TGS-REQ => KDC
...
client <= TGS-REP = KDC
client = GET index.html + kerberos payload => server
client <= 200 OK = server
This is not a configuration issue as Konqueror perform as expected.
Any ideas ?
Thanks in advance.
PS: This is not such a big issue for GET requests but consider form-based uploads (POST) data should not be sent twice to the server !!