[Freeipa-users] IE or Firefox & Apache Kerberos authentication
Simo Sorce
simo at redhat.com
Mon Sep 16 18:46:36 UTC 2013
On Mon, 2013-09-16 at 18:35 +0000, Ondrej Valousek wrote:
> Thanks,
> I hoped that with gssproxy I could use a single
> central /etc/krb5.keytab (with all necessary principals) for nfs,
> apache, dhcpd,... and not worrying about file permissions.
> The beauty would be saved work with copying principals to separate
> files.
> Is it true?
Yes, you can keep the principal's keys wherever you want with gssproxy,
although I would personally still use separate keytabs for ease of
management should you need to change just one set of keys.
Simo.
> Ondrej
>
>
>
>
> Odesláno ze Samsung Mobile
>
>
>
> -------- Původní zpráva --------
> Od: Simo Sorce <simo at redhat.com>
> Datum:
> Komu: Ondrej Valousek <ovalousek at vendavo.com>
> Kopie: chorn at fluxcoil.net,freeipa-users at redhat.com
> Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos
> authentication
>
>
>
> On Mon, 2013-09-16 at 17:04 +0000, Ondrej Valousek wrote:
> > Thanks,
> > Is the article about http principals for apache still relevant?
> > I would guess that with gss-proxy (F19) it is much simpler.
>
> You still need a princiapl and a keytab yes.
>
> Here instructions if you want to use iot with GSS-Proxy:
>
> https://fedorahosted.org/gss-proxy/wiki/Apache
>
>
> HTH,
> Simo.
>
> > Ondrej
> >
> >
> >
> >
> > Odesláno ze Samsung Mobile
> >
> >
> >
> > -------- Původní zpráva --------
> > Od: Christian Horn <chorn at fluxcoil.net>
> > Datum:
> > Komu: freeipa-users at redhat.com
> > Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos
> > authentication
> >
> >
> >
> >
> > Hi,
> >
> > On Mon, Sep 16, 2013 at 04:04:49PM +0000, Ondrej Valousek wrote:
> > > Is there any howto describing Firefox (or IE, if possible)
> > authenticating against Apache web server using GSSAPI/Kerberos?
> > > Both client & server in the same IPA domain.
> > > Ideally I would like to know FF and Apache setup + compatibility
> > info (i.e. does IE + IIS use the same thing or not)
> >
> > Not aware of a "includes all"-guide, but would start here:
> >
> > - adding the HTTP service principal:
> >
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd
> >
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry
> > - when you host multiple kerberized sites on the server
> > (access required a Red Hat subscription):
> > https://access.redhat.com/site/solutions/206623
> > - apache side config:
> > http://modauthkerb.sourceforge.net/configure.html
> > - firefox client side config:
> > http://www.grolmsnet.de/kerbtut/firefox.html
> >
> >
> > Christian
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list