Shan Kumaraswamy wrote:
> Dear All,
> Can anyone let me know how to disable IPA admin “auto-login” from
> FreeIPA server, basically I need to use this URL
>  and should ask user name and
> password every time while opening the login page,
This is not a bug. It is a feature :-)
A bit of explanation about how things work.
When admin does authentication he gets a kerberos ticket.
This ticket is used to get access to the UI (automatically). It is a
feature of kerberos.
You would not be able to login if you do not have a ticket.
If you have a ticket, this means you already proved your identity to the
server and there is no need to challenge you again.
What you are asking for is a form based authentication. It is not
implemented in IPA and not planned to be implemented in v2 because the
scheme above has same security attributes but is much more convenient.
So there is no way to disable the auto-login feature.

> and also the administrator will login via “Firefox”  any machine in
> the intranet (LAN) using the IPA admin login credentials.

Can you explain this part please? Login into any machine? Sure if you
configured SSH to use kerberos you will be able to SSH into any machine
unless you configures some access control rules that would prevent you
from doing so.

> -- 
> Thanks & Regards
> Shan Kumaraswamy
> ------------------------------------------------------------------------
> _______________________________________________
> Freeipa-users mailing list

Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to