[katello-devel] Kerberos support design
Bryan Kearney
bkearney at redhat.com
Wed Jun 19 15:39:24 UTC 2013
On 06/19/2013 06:20 AM, Dmitri Dolguikh wrote:
> On 2013-06-18 3:07 PM, Marek Hulan wrote:
>> Hello,
>>
>> I created a kerberos wiki page [1] with design of integration into our current
>> authentication scheme (thanks Dominic for early discussions). Especially
>> Martin and Tomáš should be interested because it's related to CLI. Please take
>> a look and reply with questions/comments or ping me via IRC.
>>
>> [1]https://fedorahosted.org/katello/wiki/KerberosIntegration
> Looks good to me.
>
> Re: fallback to other backends - I think traversing an ordered list of
> backends until authentication succeeds would work? Might require
> additional logic for web-ui though?
> Synchronized clocks is a requirement in a kerberos environment, and an
> ntp server may or may not be present? I'd just make this assumption (and
> maybe add a point to FAQ).
>
Is this a normal practice? I would assume you pick a model and go with
it. If you like kerberos, use it. If you dont.. use on board.
The design mentions a casual interface. Can I assume that if I have the
ticket in my browser, I do not see the login screen but if I do not then
I have to pass my credentials to the signo UI? I really hate the basic
auth popup.
--bk
More information about the katello-devel
mailing list