[Freeipa-users] login with kerberos on a webserver, just like with the ipa interface.
Simo Sorce
simo at redhat.com
Thu Dec 20 16:33:06 UTC 2012
On Thu, 2012-12-20 at 16:38 +0100, Han Boetes wrote:
> Hi,
>
>
> I followed http://freeipa.org/page/Apache_SNI_With_Kerberos to enable
> login in to a webserver with kerberos tickets. I followed everything
> to the letter and all looks well.
>
>
> I can log in with a username and password, but when I set the
> httpd.conf entry to
>
>
> KrbMethodK5Passwd off
>
>
>
> I can't log in. What works great with the ipa admin interface does not
> work with this recipe.
>
> I even compared it to /etc/httpd/conf.d/ipa.conf and added the
> KrbAuthRealms setting but to no avail.
>
>
>
> Adding KrbConstrainedDelegation on does not work alas. Although I am
> using centos 6.3
>
>
> I checked the http logfiles and the /var/log/krb5kdc.log, everything
> else on that host works fine. I can log in without a password and sudo
> -s works like it should.
>
>
> Please help me debugging this issue. What am I missing?
Are you using the same fully qualified name you have a keytab for ?
Do you see a ticket for the target server in the user ccache on the
client ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list