[Freeipa-devel] [PATCH 0015] mod_auth_gssapi: Remove ntlmssp support and restrict, mechanism to krb5
Simo Sorce
ssorce at redhat.com
Wed Jul 22 13:49:50 UTC 2015
----- Original Message -----
> From: "Christian Heimes" <cheimes at redhat.com>
> To: "freeipa-devel" <freeipa-devel at redhat.com>
> Sent: Wednesday, July 22, 2015 9:32:59 AM
> Subject: [Freeipa-devel] [PATCH 0015] mod_auth_gssapi: Remove ntlmssp support and restrict, mechanism to krb5
>
> By default mod_auth_gssapi allows all locally available mechanisms. If
> the gssntlmssp package is installed, it also offers ntlmssp. This has
> the annoying side effect that some browser will pop up a
> username/password request dialog if no Krb5 credentials are available.
>
> The patch restricts the mechanism to krb5 and removes ntlmssp and
> iakerb support from Apache's ipa.conf.
>
> The new feature was added to mod_auth_gssapi 1.3.0.
>
> https://fedorahosted.org/freeipa/ticket/5114
LGTM
Simo.
--
Simo Sorce * Red Hat, Inc. * New York
More information about the Freeipa-devel
mailing list