2012/5/4 Paul Robert Marino <[email protected]>:
> There is an Apache module for Kerberos auth that works well. Two notes about
> it: turn on credential caching, because it significantly reduces the load on
> the Kerberos server, and keep in mind that Internet Explorer leaves native
> Kerberos on (you won't get prompted for a user name or password if you have a
> valid Kerberos ticket), but Firefox turns it off by default and I'm not sure
> about Chrome. In other words, if you leave the default setting in Firefox it
> will use basic auth (clear text password unless you use SSL) to interact
> with Apache and subsequently Kerberos. This is a wonderful way to make a
> secure authentication mechanism insecure if you don't use SSL.
> That said, I know for a fact track does work well with Kerberos auth.

That means if a user's browser doesn't support Kerberos, or has Kerberos off by default, it will break SSO, right?
Maybe I should try FreeIPA in conjunction with CoSign?

--
Regards,

- cee1
