[Freeipa-users] IPA + AD authentication in apache
Another off the wall one from me, but I just want to know if this is worth pursuing. I have a series of internal web applications that authenticate variously to AD or IPA via prompted credentials. I'd like to use Kerberos tickets (and fall back to LDAP) instead. I have an IPA connected apache server that most of this stuff runs on. Is it possible to use both? I'm going to try following this example to get my feet wet: http://www.tuxlanding.net/kerberos-authentication-with-apache-in-a-multi-domain-active-directory/ but that's just talking about mutilple AD realms. I'd like to know if there was any special considerations for IPA Thanks again, --Jason -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] IPA + AD authentication in apache
Hi. I've done the kerberos part with several Apache Web servers with success. I've not done the fallback to ldap basic auth. Set KrbServiceName to Any in httpd.conf and put a HTTP service kerberos keytab from AD and one from IPA in the same keytab file. Reference this keytab file in httpd.conf. Regards Siggi KodaK sako...@gmail.com wrote: Another off the wall one from me, but I just want to know if this is worth pursuing. I have a series of internal web applications that authenticate variously to AD or IPA via prompted credentials. I'd like to use Kerberos tickets (and fall back to LDAP) instead. I have an IPA connected apache server that most of this stuff runs on. Is it possible to use both? I'm going to try following this example to get my feet wet: http://www.tuxlanding.net/kerberos-authentication-with-apache-in-a-multi-domain-active-directory/ but that's just talking about mutilple AD realms. I'd like to know if there was any special considerations for IPA Thanks again, --Jason -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users