[Freeipa-users] Disable IPA Web UI auto-login

Shan Kumaraswamy shan.sysadm at gmail.com
Wed Jul 14 13:26:00 UTC 2010 

Hi Pal,
Thank you very much for the clarificaiton, the secound question is I want to
access the url from my laptop using firefox, and also I configured the
browser as per the IPA installation browers configuration and its download
the ipa certificate, after when I try the same url again its througing the
kerberos auth failure. Please let me know what is the issure.




On Wed, Jul 14, 2010 at 4:19 PM, Dmitri Pal <dpal at redhat.com> wrote:

> Shan Kumaraswamy wrote:
> > Dear All,
> >
> >
> >
> > Can anyone let me know how to disable IPA admin “auto-login” from
> > FreeIPA server, basically I need to use this URL
> > https://ipaserver.example.com/ipa/ui  and should ask user name and
> > password every time while opening the login page,
> >
> This is not a bug. It is a feature :-)
> A bit of explanation about how things work.
> When admin does authentication he gets a kerberos ticket.
> This ticket is used to get access to the UI (automatically). It is a
> feature of kerberos.
> You would not be able to login if you do not have a ticket.
> If you have a ticket, this means you already proved your identity to the
> server and there is no need to challenge you again.
> What you are asking for is a form based authentication. It is not
> implemented in IPA and not planned to be implemented in v2 because the
> scheme above has same security attributes but is much more convenient.
> So there is no way to disable the auto-login feature.
>
>
>
> > and also the administrator will login via “Firefox”  any machine in
> > the intranet (LAN) using the IPA admin login credentials.
> >
>
> Can you explain this part please? Login into any machine? Sure if you
> configured SSH to use kerberos you will be able to SSH into any machine
> unless you configures some access control rules that would prevent you
> from doing so.
>
>
> >
> > --
> > Thanks & Regards
> > Shan Kumaraswamy
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>


-- 
Thanks & Regards
Shan Kumaraswamy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20100714/8a530825/attachment.htm>

More information about the Freeipa-users mailing list