[Freeipa-users] IE or Firefox & Apache Kerberos authentication
Simo Sorce
simo at redhat.com
Mon Sep 16 17:46:09 UTC 2013
On Mon, 2013-09-16 at 17:04 +0000, Ondrej Valousek wrote:
> Thanks,
> Is the article about http principals for apache still relevant?
> I would guess that with gss-proxy (F19) it is much simpler.
You still need a princiapl and a keytab yes.
Here instructions if you want to use iot with GSS-Proxy:
https://fedorahosted.org/gss-proxy/wiki/Apache
HTH,
Simo.
> Ondrej
>
>
>
>
> Odesláno ze Samsung Mobile
>
>
>
> -------- Původní zpráva --------
> Od: Christian Horn <chorn at fluxcoil.net>
> Datum:
> Komu: freeipa-users at redhat.com
> Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos
> authentication
>
>
>
>
> Hi,
>
> On Mon, Sep 16, 2013 at 04:04:49PM +0000, Ondrej Valousek wrote:
> > Is there any howto describing Firefox (or IE, if possible)
> authenticating against Apache web server using GSSAPI/Kerberos?
> > Both client & server in the same IPA domain.
> > Ideally I would like to know FF and Apache setup + compatibility
> info (i.e. does IE + IIS use the same thing or not)
>
> Not aware of a "includes all"-guide, but would start here:
>
> - adding the HTTP service principal:
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry
> - when you host multiple kerberized sites on the server
> (access required a Red Hat subscription):
> https://access.redhat.com/site/solutions/206623
> - apache side config:
> http://modauthkerb.sourceforge.net/configure.html
> - firefox client side config:
> http://www.grolmsnet.de/kerbtut/firefox.html
>
>
> Christian
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list