Massive thread necromancy but...

On Sun, 2018-11-25 at 12:21 +0100, Alex Corcoles wrote:
> 2) SSO
> 
> What is the special sauce for users using a browser on an IPA-joined
> system to log in to apps without even seeing a login form? SPNEGO?
> 
> I'm using mod_auth_gssapi for some apps, having httpd do the
> authentication and forward it through REMOTE_USER, but it doesn't do
> the magic. There are some hints on mod_auth_gssapi's docs, but nothing
> really clear.

Playing around with my Ipsilon install, I found the problem with my setup.
I was doing:

ipa service-add nagios/my.host

but I needed to use:

ipa service-add HTTP/my.host

Apparently, if you don't name it HTTP, the keytab works but doesn't do
SSO.

Cheers,

Álex

-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/
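
Added example, not part of the original message: a browser doing SPNEGO asks the KDC for a ticket for HTTP/<hostname>, so the web server's keytab needs a key stored under that principal. This Python code parses the MIT keytab file format (version 0x502) and checks for it; the realm EXAMPLE.TEST, the all-zero keys and the function names are constructed for illustration.

```python
import struct

def _counted(raw):
    """Keytab strings are a big-endian uint16 length followed by the bytes."""
    return struct.pack(">H", len(raw)) + raw

def build_entry(service, host, realm, kvno=1, etype=18, key=b"\x00" * 32):
    """Serialize one keytab entry. Used only to construct sample data."""
    body = struct.pack(">H", 2) + _counted(realm.encode())
    body += _counted(service.encode()) + _counted(host.encode())
    body += struct.pack(">IIB", 1, 0, kvno)  # name type, timestamp, 8-bit kvno
    body += struct.pack(">H", etype) + _counted(key)
    return struct.pack(">i", len(body)) + body

def keytab_principals(data):
    """Return the set of principals stored in a version 0x502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    pos, found = 2, set()
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # negative size marks a hole left by a deleted entry
            pos += -size
            continue
        cur = pos
        (ncomp,) = struct.unpack_from(">H", data, cur)
        cur += 2
        parts = []
        for _ in range(ncomp + 1):  # realm first, then each name component
            (n,) = struct.unpack_from(">H", data, cur)
            parts.append(data[cur + 2:cur + 2 + n].decode())
            cur += 2 + n
        found.add("/".join(parts[1:]) + "@" + parts[0])
        pos += size  # skip the key material; this check only needs the names
    return found

def has_http_principal(data, fqdn):
    """True if the keytab holds a key for HTTP/<fqdn> in any realm."""
    for principal in keytab_principals(data):
        service, _, host = principal.rsplit("@", 1)[0].partition("/")
        if service == "HTTP" and host.lower() == fqdn.lower():
            return True
    return False

# Constructed sample keytabs mirroring the two commands in the post.
NAGIOS_KEYTAB = b"\x05\x02" + build_entry("nagios", "my.host", "EXAMPLE.TEST")
HTTP_KEYTAB = b"\x05\x02" + build_entry("HTTP", "my.host", "EXAMPLE.TEST")
```

On a real server the input would be the bytes of the keytab file that mod_auth_gssapi is configured to use.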
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org