Michael Ströder wrote: > Rich Megginson wrote: > >> You might be interested in the freeipa.org project which uses python, >> python-ldap, turbogears, PyKerberos, and supports http authentication >> with forwardable tickets. >> I don't think they support SPNEGO yet but patches are welcome :-) >> > > How does the browser send the ticket to the web application then? > In Firefox, go to about:config In the Filter: text box, type "nego" You just have to set network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris to match your [domain_realm] setting in your /etc/krb5.conf. For example: network.negotiate-auth.delegation-uris: .example.com network.negotiate-auth.trusted-uris: .example.com
I'm not sure but this should be documented on the freeipa.org web site, if it is not already. You also have to use Apache mod_auth_kerb, which should also be covered by freeipa.org > Ciao, Michael. > > ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
