On 11/11/2011 04:50 PM, Boris Epstein wrote:
On Fri, Nov 11, 2011 at 4:18 PM, Dmitri Pal<[email protected]> wrote:
On 11/11/2011 03:52 PM, Boris Epstein wrote:
Hello all,
I've got my FreeIPA seemingly running on a Fedora 16 machine but I can not log into it
from a browser as I get the "Your kerberos ticket is no longer valid." message.
So the question is: is there a good guide on how to set up the Kerberos components
involved?
Do you use browser from the same machine as you server or different?
Is it a Linux machine?
What is the browser you are using?
The procedure is (on server):
1) Install server
2) kinit admin (or other user you want to use that you added)
3) start browser
4) follow the prompts reading carefully - accept certs and let the browser
configuration script run
5) Enjoy the UI
On non server:
1) Install client
2) kinit admin (or other user you want to use that you added)
3) start browser on that machine
4) follow the prompts reading carefully - accept certs and let the browser
configuration script run
5) Enjoy the UI
If you are trying to access it from a machine that is not a member of the
domain you have to go to IPA and allow basic auth but we do not recommend it as
it is insecure.
Thanks.
Boris.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
Dmitry,
We intend to have this on a secure network so how do I enable basic
authentication?
And thanks for all your help.
Boris.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
ipa-httpd-dekerb ()
{
ssh root@$IPASERVER "sed 's!KrbMethodK5Passwd off!KrbMethodK5Passwd
on!' < /etc/httpd/conf.d/ipa.conf > /etc/httpd/conf.d/ipa.conf.new ; mv
/etc/httpd/conf.d/ipa.conf.new /etc/httpd/conf.d/ipa.conf ; service
httpd restart "
}
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
