On 02/15/2016 02:12 PM, Wanderley Mayhé wrote:
Regarding the thread
have tested to set KrbMethodK5Passwd to “on” and restarted httpd but IPA
Web UI was still trying to auto-login user through a browser dialog.
In order to effectively disable this browser dialog, I had to edit
and add this line set KrbMethodNegotiate to off as follows (and restarted
# Protect /ipa and everything below it in webspace with Apache Kerberos
AuthName "Kerberos Login"
## KrbMethodNegotiate on
ErrorDocument 401 /ipa/errors/unauthorized.html
Am I correct to assume that that JSON API will not be affected by this
Is there any major problems this setting could cause?
Yes, it would affect the API :)
Better option would be to modify Web UI with UI plugin to skip Kerberous
auth - harder to explain.
Or easier thing might be to modify ipa.conf in a way that
/ipa/session/login_kerberos would not return negotiate headers but would
fail immediately with 401.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project