<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"> <meta name="Generator" content="Microsoft Exchange Server"> <style></style> </head> <body> <div> <div>Thanks,</div> <div>I hoped that with gssproxy I could use a single central /etc/krb5.keytab (with all necessary principals) for nfs, apache, dhcpd,... and not worrying about file permissions.</div> <div>The beauty would be saved work with copying principals to separate files.</div> <div>Is it true?</div> <div>Ondrej</div> <div><br> </div> <div><br> </div> <div> <div style="font-size:75%; color:#575757">Odesláno ze Samsung Mobile</div> </div> <br> <br> <br> -------- Původní zpráva --------<br> Od: Simo Sorce <simo@redhat.com> <br> Datum: <br> Komu: Ondrej Valousek <ovalousek@vendavo.com> <br> Kopie: chorn@fluxcoil.net,freeipa-users@redhat.com <br> Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos authentication <br> <br> <br> </div> <font size="2"><span style="font-size:10pt;"> <div class="PlainText">On Mon, 2013-09-16 at 17:04 +0000, Ondrej Valousek wrote:<br> > Thanks,<br> > Is the article about http principals for apache still relevant?<br> > I would guess that with gss-proxy (F19) it is much simpler.<br> <br> You still need a princiapl and a keytab yes.<br> <br> Here instructions if you want to use iot with GSS-Proxy:<br> <br> <a href="https://fedorahosted.org/gss-proxy/wiki/Apache">https://fedorahosted.org/gss-proxy/wiki/Apache</a><br> <br> <br> HTH,<br> Simo.<br> <br> > Ondrej<br> > <br> > <br> > <br> > <br> > Odesláno ze Samsung Mobile<br> > <br> > <br> > <br> > -------- Původní zpráva --------<br> > Od: Christian Horn <chorn@fluxcoil.net> <br> > Datum: <br> > Komu: freeipa-users@redhat.com <br> > Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos<br> > authentication <br> > <br> > <br> > <br> > <br> > Hi,<br> > <br> > On Mon, Sep 16, 2013 at 04:04:49PM +0000, Ondrej Valousek wrote:<br> > > Is there any howto describing Firefox (or IE, if possible)<br> > authenticating against Apache web server using GSSAPI/Kerberos?<br> > > Both client & server in the same IPA domain.<br> > > Ideally I would like to know FF and Apache setup + compatibility<br> > info (i.e. does IE + IIS use the same thing or not)<br> > <br> > Not aware of a "includes all"-guide, but would start here:<br> > <br> > - adding the HTTP service principal:<br> > <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd"> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd</a><br> > <a href="http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry"> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry</a><br> > - when you host multiple kerberized sites on the server <br> > (access required a Red Hat subscription):<br> > <a href="https://access.redhat.com/site/solutions/206623">https://access.redhat.com/site/solutions/206623</a><br> > - apache side config:<br> > <a href="http://modauthkerb.sourceforge.net/configure.html">http://modauthkerb.sourceforge.net/configure.html</a><br> > - firefox client side config:<br> > <a href="http://www.grolmsnet.de/kerbtut/firefox.html">http://www.grolmsnet.de/kerbtut/firefox.html</a><br> > <br> > <br> > Christian<br> > <br> > _______________________________________________<br> > Freeipa-users mailing list<br> > Freeipa-users@redhat.com<br> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> > <br> > _______________________________________________<br> > Freeipa-users mailing list<br> > Freeipa-users@redhat.com<br> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> <br> <br> -- <br> Simo Sorce * Red Hat, Inc * New York<br> <br> </div> </span></font> </body> </html>