Hi Thanks for the reply. I have authenticated using LDAP in apache2 with Microsoft active directory domain. I have followed your method but still the dialog box appears asking for username and password. Is there any other way to solve this issue? Is there any other method so that the TRAC finds the user logged into the system.
Regards Gayathri.V -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Mulligan Sent: Tuesday, June 17, 2008 8:14 PM To: [email protected] Subject: [Trac] Re: problem implementing SSO Some more information about how you have your server setup, and what clients you're using, would be helpful. I'm going to assume you have a Microsoft AD Domain, and Apache with Kerberos (mod_auth_kerb). If it working with basic auth you'll need to enable KrbMethodNegotiate authentication (in addition to KrbMethodK5Password), which may be the default. Then on the browser side you'll need to do some minor tweaks: Firefox/Mozilla * Enter into the address bar about:config * Use the filter to help find network.negotiate-auth.trusted-uris - this is the list of uris that the browser will do SPNEGO with. That is, the places it's prepared to try Kerberos authentication with. So basically it prevents the browser from sending tickets to any old website where they might eventually be decrypted. * Set it to the string 'https://yourdomain.com' (no trailing /'s!). * It should just work now IE * Tools-internet options * Security tab * Highlight 'local intranet' * Click 'sites' button, then 'advanced' * Add sites that you want, and check the box at the bottom ('require https'). Add https://*.yourdomain.com to the list. * Back to internet options' security tab, click on 'custom level' for the intranet. * Scroll down to the very bottom; user authentication-logon should be 'automatic logon only in intranet zone' * Back to internet options, go to the advanced tab * Scroll down to security, ensure that 'enable integrated windows authentication' is checked (if you had to do that, you'll need to restart for some odd reason). Note that I've never personally done it for IE, but it should work more or less like that. On Tue, Jun 17, 2008 at 8:17 AM, Gayathri <[EMAIL PROTECTED]> wrote: > > Hi all, > > I was trying to implement single sign on in trac.i have integrated it with ADS. now I have to remove the dialog box that asks for username and password. Can you pl tell me some steps to proceed. > > Thanks > > gayathri > > The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments contained in it. Contact your Administrator for further information. > > > The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments contained in it. Contact your Administrator for further information. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
