[Freeipa-devel] Kerberos over HTTPS (KDC proxy)
Christian Heimes
cheimes at redhat.com
Thu May 28 07:45:20 UTC 2015
On 2015-05-28 07:32, Jan Cholasta wrote:
> Dne 27.5.2015 v 16:01 Christian Heimes napsal(a):
>> On 2015-05-27 15:51, Nathaniel McCallum wrote:
>>> As I understand the problem, there is an assumption that an optional
>>> component has a distinct service to start and stop. That is not the
>>> case here. This is just new config for apache.
>>
>> More details:
>>
>> The KDC Proxy uses the same Apache instance as FreeIPAs Web GUI and
>> Tomcat. There is no extra service involved. The switch just decides if
>> https://ipa.example.org/KdcProxy acts as a MS-KKDCP end point or returns
>> a 404 error.
>
> FYI Tomcat does not use the same Apache instance, the Apache instance is
> configured to proxy requests to Tomcat.
>
> If the IPA KDC proxy package is not installed on a replica, then going
> to /KdcProxy will return 404, right? Why is an additional switch
> necessary then?
The python-kdcproxy package is a new dependency for the freeipa-server
package. It will always get installed with the server.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150528/2ca3ab12/attachment.sig>
More information about the Freeipa-devel
mailing list