[Freeipa-users] login with kerberos on a webserver, just like with the ipa interface.

Han Boetes hboetes at gmail.com
Fri Dec 21 13:44:39 UTC 2012


Sorry I couldn't reply earlier, somehow I don't receive my own
messages.

I had set Chrome to --auth-server-whitelist=ipa-server.domain.com,
and not --auth-server-whitelist=*domain.com


On Thu, Dec 20, 2012 at 5:33 PM, Simo Sorce <simo at redhat.com> wrote:

> On Thu, 2012-12-20 at 16:38 +0100, Han Boetes wrote:
> > Hi,
> >
> >
> > I followed http://freeipa.org/page/Apache_SNI_With_Kerberos to enable
> > logging in to a webserver with Kerberos tickets. I followed everything
> > to the letter and all looks well.
> >
> >
> > I can log in with a username and password, but when I set the
> > httpd.conf entry to
> >
> >
> >   KrbMethodK5Passwd off
> >
> >
> >
> > I can't log in. What works great with the ipa admin interface does not
> > work with this recipe.
> >
> > I even compared it to /etc/httpd/conf.d/ipa.conf and added the
> > KrbAuthRealms setting but to no avail.
> >
> >
> >
> > Adding KrbConstrainedDelegation on does not work, alas, although I am
> > using CentOS 6.3.
> >
> >
> > I checked the http logfiles and the /var/log/krb5kdc.log, everything
> > else on that host works fine. I can log in without a password and sudo
> > -s works like it should.
> >
> >
> > Please help me debug this issue. What am I missing?
>
> Are you using the same fully qualified name you have a keytab for?
> Do you see a ticket for the target server in the user ccache on the
> client?
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>


-- 



# Han