On 22.10.2015 12:11, Fujisan wrote: > The step described here > (http://cockpit-project.org/guide/latest/sso.html) are exactly the steps > I do to configure FreeIPA to SSO with kerberos. > > If I create a kerberos ticket with "kinit admin", when I go to > http://ipasrv/ipa/ui with firefox from my desktop (ipa client), I am > logged in without username/password. > > But when I go to http://ipasrv:9090 with firefox (cockpit is installed > on the ipa server), cockpit asks me for a username and password. > And I log in as root. > > On the ipa server, I can run > > $ getent passwd [email protected] <mailto:[email protected]> > smith:*:1002:1025:John Smith:/home/smith:/bin/bash > > $ host -t SRV _kerberos._udp.example.com <http://udp.example.com> > _kerberos._udp.example.com <http://udp.example.com> has SRV record 0 100 > 88 zaira.example.com <http://zaira.example.com>. > > On my desktop, firefox is configured|like this: > > network.negotiate-auth.trusted-uris user set string > .example.com <http://example.com>| > > So I must be missing something.
There's some further info here: https://github.com/cockpit-project/cockpit/blob/master/HACKING.md#setting-up-single-sign-on Does that help? Stef _______________________________________________ cockpit-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/cockpit-devel
