[Freeipa-users] Kerberos authentication setup
Adam Young
ayoung at redhat.com
Fri Nov 11 21:33:33 UTC 2011
On 11/11/2011 03:52 PM, Boris Epstein wrote:
> Hello all,
>
> I've got my FreeIPA seemingly running on a Fedora 16 machine but I can
> not log into it from a browser as I get the "Your kerberos ticket is
> no longer valid." message. So the question is: is there a good guide
> on how to set up the Kerberos components involved?
You will get this error for numerous reasons. If any of the security
mechanisms are not in place, tht is the only error message that will
get through.
1. You need to accept the CA cert
2. You need to accept the server cert...this will be automatic if you
have the CA cert.
3. You need to configure your browser and accept the config potions
that allow ticket forwarding
All this is done by clicking through the options from the link in the
same window as the Kerberos error message you mention.
I'f you've been through all this, then the problem is likely that you do
not have Kerberos set up on the machine running the browser, or you do
not have a ticket. Assuming the browser is running on the IPA server,
running kinit will be sufficient.
If you installed IPA on a machine that has no X server, and you need to
run the browser on a remote machine to talk to it, please follow the
steps to set up the remote machine as an ipa-client. That will get the
Kerberos ticket set up for you.
>
> Thanks.
>
> Boris.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111111/425098be/attachment.htm>
More information about the Freeipa-users
mailing list