Hello Rob

Regarding the thread
https://www.redhat.com/archives/freeipa-users/2010-July/msg00022.html I
have tested to set KrbMethodK5Passwd to “on” and restarted httpd but IPA
Web UI was still trying to auto-login user through a browser dialog.

In order to effectively disable this browser dialog, I had to edit

and add this line set KrbMethodNegotiate to off as follows (and restarted

# Protect /ipa and everything below it in webspace with Apache Kerberos

<Location "/ipa">

  AuthType Kerberos

  AuthName "Kerberos Login"

##  KrbMethodNegotiate on

KrbMethodNegotiate off

  KrbMethodK5Passwd off

  KrbServiceName HTTP

  KrbAuthRealms IBP.ORG.BR

  Krb5KeyTab /etc/httpd/conf/ipa.keytab

  KrbSaveCredentials on

  KrbConstrainedDelegation on

  Require valid-user

  ErrorDocument 401 /ipa/errors/unauthorized.html


Am I correct to assume that that JSON API will not be affected by this

Is there any major problems this setting could cause?



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to