[Freeipa-devel] mod_auth_kerb ticket forwarding
Rob Crittenden
rcritten at redhat.com
Mon Aug 27 16:05:18 UTC 2007
Inspired by a patch from the modauthkerb mailing list by Mikkel Kruse
Johnsen I was able to get kerberos ticket forwarding working on Apache
with mod_auth_kerb. This needs lots more testing but the basic support
seems to be working.
Use kinit -f to get a forwardable ticket.
I've attached the source RPM in case anyone wants to spend some time
with this.
So assuming we have ticket fowarding, how do we want to change the way
things work in order to use it? Currently the XML-RPC server-side code
authenticates with a client cert and a special user. I suppose we can do
away with this and use the user's ticket?
As an aside, I haven't tested this using the PyKerberos client. I'll
need to try to figure out if it will just "work" or if I need to include
additional options.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mod_auth_kerb-5.3-4.ipa.src.rpm
Type: application/x-redhat-package-manager
Size: 84473 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070827/b59ddbeb/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070827/b59ddbeb/attachment-0001.bin>
More information about the Freeipa-devel
mailing list