Hello Rob
Regarding the thread https://www.redhat.com/archives/freeipa-users/2010-July/msg00022.html I have tested to set KrbMethodK5Passwd to on and restarted httpd but IPA Web UI was still trying to auto-login user through a browser dialog. In order to effectively disable this browser dialog, I had to edit /etc/httpd/conf.d/ipa.conf and add this line set KrbMethodNegotiate to off as follows (and restarted httpd): # Protect /ipa and everything below it in webspace with Apache Kerberos auth <Location "/ipa"> AuthType Kerberos AuthName "Kerberos Login" ## KrbMethodNegotiate on KrbMethodNegotiate off KrbMethodK5Passwd off KrbServiceName HTTP KrbAuthRealms IBP.ORG.BR Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on KrbConstrainedDelegation on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html </Location> Am I correct to assume that that JSON API will not be affected by this change? Is there any major problems this setting could cause? Att Wanderley
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project