Boris Epstein wrote:
On Fri, Nov 11, 2011 at 4:18 PM, Dmitri Pal<d...@redhat.com> wrote:
On 11/11/2011 03:52 PM, Boris Epstein wrote:
Hello all,
I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it
from a browser as I get the "Your kerberos ticket is no longer valid." message.
So the question is: is there a good guide on how to set up the Kerberos components
involved?
Do you use browser from the same machine as you server or different?
Is it a Linux machine?
What is the browser you are using?
The procedure is (on server):
1) Install server
2) kinit admin (or other user you want to use that you added)
3) start browser
4) follow the prompts reading carefully - accept certs and let the browser
configuration script run
5) Enjoy the UI
On non server:
1) Install client
2) kinit admin (or other user you want to use that you added)
3) start browser on that machine
4) follow the prompts reading carefully - accept certs and let the browser
configuration script run
5) Enjoy the UI
If you are trying to access it from a machine that is not a member of the
domain you have to go to IPA and allow basic auth but we do not recommend it as
it is insecure.
Thanks.
Boris.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Dmitry,
We intend to have this on a secure network so how do I enable basic
authentication?
And thanks for all your help.
Basic auth defeats the benefits of single sign-on, I would not recommend
it. If you are using Firefox then getting this set up is usually just a
one-time bit of pain and then SSO goodness from then on. The beauty is
you can extend it to all your other apps and get away from sending your
passwords all over the place.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users