On 05/04/2012 11:26 AM, Rob Crittenden wrote:
Firefox needs to be configured to be allowed to perform Kerberos SSO in
a domain. FreeIPA 2.2 introduced a forms-based login so you don't have
to fall back to basic authentication (with KrbMethodK5Passwd on).
The forms based login applies to the IPA Admin console, the OP was
asking web services other than the IPA admin console, therefore that's
not relevant.
What is relevant is getting the other web services to use kerberos
negotiate auth instead of whatever they are currently using. The
difficulty of that task really depends on the particular web service.
The user must also be able to acquire a kerberos ticket.
So the answer to the OP is, if you can satisfy the following two
conditions then IPA is a graceful solution:
1) The web service can be configured to use kerberos negotiate auth.
2) Each of your users has a facility available to acquire a kerberos ticket.
--
John Dennis <[email protected]>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
