[Freeipa-users] Kerberos authentication setup

Adam Young ayoung at redhat.com
Fri Nov 11 21:51:37 UTC 2011 

On 11/11/2011 04:50 PM, Boris Epstein wrote:
> On Fri, Nov 11, 2011 at 4:18 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>> On 11/11/2011 03:52 PM, Boris Epstein wrote:
>>
>> Hello all,
>> I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it from a browser as I get the "Your kerberos ticket is no longer valid." message. So the question is: is there a good guide on how to set up the Kerberos components involved?
>>
>> Do you use browser from the same machine as you server or different?
>> Is it a Linux machine?
>> What is the browser you are using?
>>
>> The procedure is (on server):
>> 1) Install server
>> 2) kinit admin (or other user you want to use that you added)
>> 3) start browser
>> 4) follow the prompts reading carefully - accept certs and let the browser configuration script run
>> 5) Enjoy the UI
>>
>> On non server:
>> 1) Install client
>> 2) kinit admin (or other user you want to use that you added)
>> 3) start browser on that machine
>> 4) follow the prompts reading carefully - accept certs and let the browser configuration script run
>> 5) Enjoy the UI
>>
>> If you are trying to access it from a machine that is not a member of the domain you have to go to IPA and allow basic auth but we do not recommend it as it is insecure.
>>
>>
>>
>>
>> Thanks.
>> Boris.
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IPA project,
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> Dmitry,
>
> We intend to have this on a secure network so how do I enable basic
> authentication?
>
> And thanks for all your help.
>
> Boris.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

ipa-httpd-dekerb ()
{
     ssh root@$IPASERVER "sed 's!KrbMethodK5Passwd off!KrbMethodK5Passwd 
on!' < /etc/httpd/conf.d/ipa.conf > /etc/httpd/conf.d/ipa.conf.new ; mv 
/etc/httpd/conf.d/ipa.conf.new /etc/httpd/conf.d/ipa.conf  ; service 
httpd restart "
}

More information about the Freeipa-users mailing list