[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Jan Cholasta
jcholast at redhat.com
Thu May 28 05:32:14 UTC 2015
Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
> On 2015-05-27 15:51, Nathaniel McCallum wrote:
>> As I understand the problem, there is an assumption that an optional
>> component has a distinct service to start and stop. That is not the
>> case here. This is just new config for apache.
>
> More details:
>
> The KDC Proxy uses the same Apache instance as FreeIPAs Web GUI and
> Tomcat. There is no extra service involved. The switch just decides if
> https://ipa.example.org/KdcProxy acts as a MS-KKDCP end point or returns
> a 404 error.
FYI Tomcat does not use the same Apache instance, the Apache instance is
configured to proxy requests to Tomcat.
If the IPA KDC proxy package is not installed on a replica, then going
to /KdcProxy will return 404, right? Why is an additional switch
necessary then?
>
> My patch "0001 Provide Kerberos over HTTP (MS-KKDCP)" has more details.
>
> Christian
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list