[Freeipa-users] IE or Firefox & Apache Kerberos authentication
Ondrej Valousek
ovalousek at vendavo.com
Mon Sep 16 18:35:31 UTC 2013
Thanks,
I hoped that with gssproxy I could use a single central /etc/krb5.keytab (with all necessary principals) for nfs, apache, dhcpd,... and not worrying about file permissions.
The beauty would be saved work with copying principals to separate files.
Is it true?
Ondrej
Odesláno ze Samsung Mobile
-------- Původní zpráva --------
Od: Simo Sorce <simo at redhat.com>
Datum:
Komu: Ondrej Valousek <ovalousek at vendavo.com>
Kopie: chorn at fluxcoil.net,freeipa-users at redhat.com
Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos authentication
On Mon, 2013-09-16 at 17:04 +0000, Ondrej Valousek wrote:
> Thanks,
> Is the article about http principals for apache still relevant?
> I would guess that with gss-proxy (F19) it is much simpler.
You still need a princiapl and a keytab yes.
Here instructions if you want to use iot with GSS-Proxy:
https://fedorahosted.org/gss-proxy/wiki/Apache
HTH,
Simo.
> Ondrej
>
>
>
>
> Odesláno ze Samsung Mobile
>
>
>
> -------- Původní zpráva --------
> Od: Christian Horn <chorn at fluxcoil.net>
> Datum:
> Komu: freeipa-users at redhat.com
> Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos
> authentication
>
>
>
>
> Hi,
>
> On Mon, Sep 16, 2013 at 04:04:49PM +0000, Ondrej Valousek wrote:
> > Is there any howto describing Firefox (or IE, if possible)
> authenticating against Apache web server using GSSAPI/Kerberos?
> > Both client & server in the same IPA domain.
> > Ideally I would like to know FF and Apache setup + compatibility
> info (i.e. does IE + IIS use the same thing or not)
>
> Not aware of a "includes all"-guide, but would start here:
>
> - adding the HTTP service principal:
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry
> - when you host multiple kerberized sites on the server
> (access required a Red Hat subscription):
> https://access.redhat.com/site/solutions/206623
> - apache side config:
> http://modauthkerb.sourceforge.net/configure.html
> - firefox client side config:
> http://www.grolmsnet.de/kerbtut/firefox.html
>
>
> Christian
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130916/345d2fe7/attachment.htm>
More information about the Freeipa-users
mailing list