[Freeipa-users] IE or Firefox & Apache Kerberos authentication

Simo Sorce simo at redhat.com
Mon Sep 16 17:46:09 UTC 2013 

On Mon, 2013-09-16 at 17:04 +0000, Ondrej Valousek wrote:
> Thanks,
> Is the article about http principals for apache still relevant?
> I would guess that with gss-proxy (F19) it is much simpler.

You still need a princiapl and a keytab yes.

Here instructions if you want to use iot with GSS-Proxy:

https://fedorahosted.org/gss-proxy/wiki/Apache


HTH,
Simo.

> Ondrej
> 
> 
> 
> 
> Odesláno ze Samsung Mobile
> 
> 
> 
> -------- Původní zpráva --------
> Od: Christian Horn <chorn at fluxcoil.net> 
> Datum: 
> Komu: freeipa-users at redhat.com 
> Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos
> authentication 
> 
> 
> 
> 
> Hi,
> 
> On Mon, Sep 16, 2013 at 04:04:49PM +0000, Ondrej Valousek wrote:
> > Is there any howto describing Firefox (or IE, if possible)
> authenticating against Apache web server using GSSAPI/Kerberos?
> > Both client & server in the same IPA domain.
> > Ideally I would like to know FF and Apache setup + compatibility
> info (i.e. does IE + IIS use the same thing or not)
> 
> Not aware of a "includes all"-guide, but would start here:
> 
> - adding the HTTP service principal:
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry
> - when you host multiple kerberized sites on the server 
> (access required a Red Hat subscription):
> https://access.redhat.com/site/solutions/206623
> - apache side config:
> http://modauthkerb.sourceforge.net/configure.html
> - firefox client side config:
> http://www.grolmsnet.de/kerbtut/firefox.html
> 
> 
> Christian
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-users mailing list