Richard Newman rnewman at mozilla.com
Thu Jul 3 08:41:08 PDT 2014

> The global project include Desktop (windows) and mobile (android). Our goal is to include SSO in as many application as it's possible. Firefox seems to support SSO with Kerberos, but the question is does "Sync" support it too and if not, is it possible to be close as possible to a fake-sso (like using the same login/password as active directory). 

It's best to think of Sync on Android as being a separate pure-Java application that's bundled with Firefox. Sync doesn't use the same network stack, or any of the Gecko features that you might be used to from desktop.

Supporting Kerberos would involve either building a separate Kerberos-based auth layer in Java, alongside Firefox Accounts, or building a Firefox Account layer on top of your Kerberos system.

Kerberos is quite FxA-shaped, from my perspective, and you could use the local Kerberos password as a source of entropy.

If you're looking to build your own client software stack, reusing some of Mozilla's code, you can start building your own auth on top of Sync. If you're looking to work with (mostly) unmodified Firefox clients, that's a different story, and compatibility with FxA becomes more important.

More information about the Sync-dev mailing list