Thanks, I hoped that with gssproxy I could use a single central /etc/krb5.keytab (with all necessary principals) for nfs, apache, dhcpd,... and not worrying about file permissions. The beauty would be saved work with copying principals to separate files. Is it true? Ondrej
Odesláno ze Samsung Mobile -------- Původní zpráva -------- Od: Simo Sorce <s...@redhat.com> Datum: Komu: Ondrej Valousek <ovalou...@vendavo.com> Kopie: ch...@fluxcoil.net,freeipa-users@redhat.com Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos authentication On Mon, 2013-09-16 at 17:04 +0000, Ondrej Valousek wrote: > Thanks, > Is the article about http principals for apache still relevant? > I would guess that with gss-proxy (F19) it is much simpler. You still need a princiapl and a keytab yes. Here instructions if you want to use iot with GSS-Proxy: https://fedorahosted.org/gss-proxy/wiki/Apache HTH, Simo. > Ondrej > > > > > Odesláno ze Samsung Mobile > > > > -------- Původní zpráva -------- > Od: Christian Horn <ch...@fluxcoil.net> > Datum: > Komu: freeipa-users@redhat.com > Předmět: Re: [Freeipa-users] IE or Firefox & Apache Kerberos > authentication > > > > > Hi, > > On Mon, Sep 16, 2013 at 04:04:49PM +0000, Ondrej Valousek wrote: > > Is there any howto describing Firefox (or IE, if possible) > authenticating against Apache web server using GSSAPI/Kerberos? > > Both client & server in the same IPA domain. > > Ideally I would like to know FF and Apache setup + compatibility > info (i.e. does IE + IIS use the same thing or not) > > Not aware of a "includes all"-guide, but would start here: > > - adding the HTTP service principal: > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#adding-service-entry-cmd > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-services.html#adding-service-entry > - when you host multiple kerberized sites on the server > (access required a Red Hat subscription): > https://access.redhat.com/site/solutions/206623 > - apache side config: > http://modauthkerb.sourceforge.net/configure.html > - firefox client side config: > http://www.grolmsnet.de/kerbtut/firefox.html > > > Christian > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Simo Sorce * Red Hat, Inc * New York
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users