On 11/11/2011 04:50 PM, Boris Epstein wrote:
On Fri, Nov 11, 2011 at 4:18 PM, Dmitri Pal<d...@redhat.com>  wrote:
On 11/11/2011 03:52 PM, Boris Epstein wrote:

Hello all,
I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it 
from a browser as I get the "Your kerberos ticket is no longer valid." message. 
So the question is: is there a good guide on how to set up the Kerberos components 
involved?

Do you use browser from the same machine as you server or different?
Is it a Linux machine?
What is the browser you are using?

The procedure is (on server):
1) Install server
2) kinit admin (or other user you want to use that you added)
3) start browser
4) follow the prompts reading carefully - accept certs and let the browser 
configuration script run
5) Enjoy the UI

On non server:
1) Install client
2) kinit admin (or other user you want to use that you added)
3) start browser on that machine
4) follow the prompts reading carefully - accept certs and let the browser 
configuration script run
5) Enjoy the UI

If you are trying to access it from a machine that is not a member of the 
domain you have to go to IPA and allow basic auth but we do not recommend it as 
it is insecure.




Thanks.
Boris.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Dmitry,

We intend to have this on a secure network so how do I enable basic
authentication?

And thanks for all your help.

Boris.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

ipa-httpd-dekerb ()
{
ssh root@$IPASERVER "sed 's!KrbMethodK5Passwd off!KrbMethodK5Passwd on!' < /etc/httpd/conf.d/ipa.conf > /etc/httpd/conf.d/ipa.conf.new ; mv /etc/httpd/conf.d/ipa.conf.new /etc/httpd/conf.d/ipa.conf ; service httpd restart "
}

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to