Shan Kumaraswamy wrote: > Dear All, > > > > Can anyone let me know how to disable IPA admin “auto-login” from > FreeIPA server, basically I need to use this URL > https://ipaserver.example.com/ipa/ui and should ask user name and > password every time while opening the login page, > This is not a bug. It is a feature :-) A bit of explanation about how things work. When admin does authentication he gets a kerberos ticket. This ticket is used to get access to the UI (automatically). It is a feature of kerberos. You would not be able to login if you do not have a ticket. If you have a ticket, this means you already proved your identity to the server and there is no need to challenge you again. What you are asking for is a form based authentication. It is not implemented in IPA and not planned to be implemented in v2 because the scheme above has same security attributes but is much more convenient. So there is no way to disable the auto-login feature.
> and also the administrator will login via “Firefox” any machine in > the intranet (LAN) using the IPA admin login credentials. > Can you explain this part please? Login into any machine? Sure if you configured SSH to use kerberos you will be able to SSH into any machine unless you configures some access control rules that would prevent you from doing so. > > -- > Thanks & Regards > Shan Kumaraswamy > > ------------------------------------------------------------------------ > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users