Hi.
I've done the kerberos part with several Apache Web servers with success. I've
not done the fallback to ldap basic auth.
Set KrbServiceName to Any in httpd.conf and put a HTTP service kerberos keytab
from AD and one from IPA in the same keytab file. Reference this keytab file in
httpd.conf.
Regards
Siggi
KodaK <sako...@gmail.com> wrote:
>Another off the wall one from me, but I just want to know if this is
>worth
>pursuing.
>
>I have a series of internal web applications that authenticate
>variously to
>AD or IPA via prompted credentials.
>
>I'd like to use Kerberos tickets (and fall back to LDAP) instead.
>
>I have an IPA connected apache server that most of this stuff runs on.
>
>Is it possible to use both?
>
>I'm going to try following this example to get my feet wet:
>
>http://www.tuxlanding.net/kerberos-authentication-with-apache-in-a-multi-domain-active-directory/
>
>but that's just talking about mutilple AD realms. I'd like to know if
>there was any special considerations for IPA
>
>Thanks again,
>
>--Jason
>
>--
>The government is going to read our mail anyway, might as well make it
>tough for them. GPG Public key ID: B6A1A7C6
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Freeipa-users mailing list
>Freeipa-users@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-users
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users