Re: GUI console and Kerberos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I know it will probably be a little more complex than that but I think
it logically should be one of the steps.
although it doesn't explain how "cn=Directory Manager" works
but it makes a lot of sense when you see the 401 error from the login
attempt it comes from the directory specified by
"
<Location /admin-serv/authenticate>
    SetHandler user-auth
    AuthUserFile /etc/dirsrv/admin-serv/admpw
    AuthType basic
    AuthName "Admin Server"
    Require valid-user
    Order allow,deny
    Allow from all
</Location>
"
in /etc/dirsrv/admin-serv/admserv.conf




On Wed, Mar 11, 2015 at 2:13 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
> On 03/11/2015 11:54 AM, Paul Robert Marino wrote:
>>
>> Hey every one
>> I have a question I know at least once in the past i setup the admin
>> console so it could utilize Kerberos passwords based on a howto I
>> found once which after I changed jobs I could never find again.
>>
>> today I was looking for something else and I saw a mention on the site
>> about httpd needing to be compiled with http auth support.
>> well I did a little digging and I found this file
>> /etc/dirsrv/admin-serv/admserv.conf
>>
>> in that file I found a lot of entries that look like this
>> "
>> <LocationMatch /*/[tT]asks/[Cc]onfiguration/*>
>>    AuthUserFile /etc/dirsrv/admin-serv/admpw
>>    AuthType basic
>>    AuthName "Admin Server"
>>    Require valid-user
>>    AdminSDK on
>>    ADMCgiBinDir /usr/lib64/dirsrv/cgi-bin
>>    NESCompatEnv on
>>    Options +ExecCGI
>>    Order allow,deny
>>    Allow from all
>> </LocationMatch>
>>
>> "
>> when I checked /etc/dirsrv/admin-serv/admpw sure enough I found the
>> Password hash for the admin user.
>>
>> So my question is before I wast time experimenting could it possibly
>> be as simple as changing the auth type to kerberos
>> http://modauthkerb.sourceforge.net/configure.html
>
>
> I don't know.  I don't think anyone has ever tried it.
>
>> keep in mind my Kerberos Servers do not use LDAP as the backend.
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux