3:08 a.m.
Hi guys
Miroslav has told me that Pavel Raiskup is using Kerberos authentication on his Copr
installation..
Is it possible to see the configuration for the kerberos authentication.. both in
copr.conf and for apache??
Thanks
Martin Juhl
IT-Consultant@Casalogic A/S, RHCA
3:56 a.m.
New subject: |Re:Kerberosauthenticationexample
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
Miroslav has told me that Pavel Raiskup is using Kerberos
authentication
on his Copr installation..
yes
Is it possible to see the configuration for the kerberos
authentication.. both in copr.conf and for apache??
For copr conf we use:
https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148...
And for Apache:
<Location "/krb5_login/redhat/">
AuthType Kerberos
AuthName "Red Hat Kerberos Credentials"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP
KrbAuthRealms REDHAT.COM
Krb5Keytab /etc/httpd/conf/httpd.keytab
KrbSaveCredentials off
Require valid-user
</Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel
4:20 a.m.
New subject: |Re:Kerberosauthenticationexample
Hi Pavel
Thanks a lot, I'll try to get it working...
Is there any plan to add basic LDAP/AD support.. maybe SSSD enabled??.. or maybe just a
hack?
I have some customers where the Kerberos solution doesn't really fit...
/Martin
----- Original meddelelse -----
Fra: "Pavel Raiskup" <praiskup(a)redhat.com>
Til: "copr-devel" <copr-devel(a)lists.fedorahosted.org>
Cc: "mj" <mj(a)casalogic.dk>
Sendt: onsdag, 16. november 2016 10:56:49
Emne: | Re: Kerberos authentication example
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
Miroslav has told me that Pavel Raiskup is using Kerberos
authentication
on his Copr installation..
yes
Is it possible to see the configuration for the kerberos
authentication.. both in copr.conf and for apache??
For copr conf we use:
https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148...
And for Apache:
<Location "/krb5_login/redhat/">
AuthType Kerberos
AuthName "Red Hat Kerberos Credentials"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP
KrbAuthRealms REDHAT.COM
Krb5Keytab /etc/httpd/conf/httpd.keytab
KrbSaveCredentials off
Require valid-user
</Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel
_______________________________________________
copr-devel mailing list -- copr-devel(a)lists.fedorahosted.org
To unsubscribe send an email to copr-devel-leave(a)lists.fedorahosted.org
4:40 a.m.
New subject: |Re:Kerberosauthenticationexample
On Wednesday, November 16, 2016 11:20:48 AM CET Martin Juhl wrote:
Hi Pavel
Thanks a lot, I'll try to get it working...
Is there any plan to add basic LDAP/AD support.. maybe SSSD enabled??..
or maybe just a hack?
I have some customers where the Kerberos solution doesn't really fit...
That is probably something we don't urgently need ATM, so there's been no
motivation to implement that so far.
But OTOH, if someone motivated enough implemented this (an non-intrusive
way) - I don't think there would be a problem to review and include
(correct me if I'm wrong) such patch.
Pavel
/Martin
----- Original meddelelse -----
Fra: "Pavel Raiskup" <praiskup(a)redhat.com>
Til: "copr-devel" <copr-devel(a)lists.fedorahosted.org>
Cc: "mj" <mj(a)casalogic.dk>
Sendt: onsdag, 16. november 2016 10:56:49
Emne: | Re: Kerberos authentication example
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
> Miroslav has told me that Pavel Raiskup is using Kerberos authentication
> on his Copr installation..
yes
> Is it possible to see the configuration for the kerberos
> authentication.. both in copr.conf and for apache??
For copr conf we use:
https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148...
And for Apache:
<Location "/krb5_login/redhat/">
AuthType Kerberos
AuthName "Red Hat Kerberos Credentials"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP
KrbAuthRealms REDHAT.COM
Krb5Keytab /etc/httpd/conf/httpd.keytab
KrbSaveCredentials off
Require valid-user
</Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel
_______________________________________________
copr-devel mailing list -- copr-devel(a)lists.fedorahosted.org
To unsubscribe send an email to copr-devel-leave(a)lists.fedorahosted.org
_______________________________________________
copr-devel mailing list -- copr-devel(a)lists.fedorahosted.org
To unsubscribe send an email to copr-devel-leave(a)lists.fedorahosted.org
5:04 a.m.
New subject: |Re:Kerberosauthenticationexample
Ok...
My python skills are almost non-existing.. so that will probably not be me...
When doing the kerberos implementation.. do you have the commands for generating the
keytab file??
----- Original meddelelse -----
Fra: "Pavel Raiskup" <praiskup(a)redhat.com>
Til: "copr-devel" <copr-devel(a)lists.fedorahosted.org>
Cc: "mj" <mj(a)casalogic.dk>
Sendt: onsdag, 16. november 2016 11:40:27
Emne: | Re: Kerberos authentication example
On Wednesday, November 16, 2016 11:20:48 AM CET Martin Juhl wrote:
Hi Pavel
Thanks a lot, I'll try to get it working...
Is there any plan to add basic LDAP/AD support.. maybe SSSD enabled??..
or maybe just a hack?
I have some customers where the Kerberos solution doesn't really fit...
That is probably something we don't urgently need ATM, so there's been no
motivation to implement that so far.
But OTOH, if someone motivated enough implemented this (an non-intrusive
way) - I don't think there would be a problem to review and include
(correct me if I'm wrong) such patch.
Pavel
/Martin
----- Original meddelelse -----
Fra: "Pavel Raiskup" <praiskup(a)redhat.com>
Til: "copr-devel" <copr-devel(a)lists.fedorahosted.org>
Cc: "mj" <mj(a)casalogic.dk>
Sendt: onsdag, 16. november 2016 10:56:49
Emne: | Re: Kerberos authentication example
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
> Miroslav has told me that Pavel Raiskup is using Kerberos authentication
> on his Copr installation..
yes
> Is it possible to see the configuration for the kerberos
> authentication.. both in copr.conf and for apache??
For copr conf we use:
https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148...
And for Apache:
<Location "/krb5_login/redhat/">
AuthType Kerberos
AuthName "Red Hat Kerberos Credentials"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP
KrbAuthRealms REDHAT.COM
Krb5Keytab /etc/httpd/conf/httpd.keytab
KrbSaveCredentials off
Require valid-user
</Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel
_______________________________________________
copr-devel mailing list -- copr-devel(a)lists.fedorahosted.org
To unsubscribe send an email to copr-devel-leave(a)lists.fedorahosted.org
_______________________________________________
copr-devel mailing list -- copr-devel(a)lists.fedorahosted.org
To unsubscribe send an email to copr-devel-leave(a)lists.fedorahosted.org
_______________________________________________
copr-devel mailing list -- copr-devel(a)lists.fedorahosted.org
To unsubscribe send an email to copr-devel-leave(a)lists.fedorahosted.org
6:21 a.m.
New subject: |Re:Kerberosauthenticationexample
On Wednesday, November 16, 2016 12:04:34 PM CET Martin Juhl wrote:
When doing the kerberos implementation.. do you have the commands
for
generating the keytab file??
Unfortunately, I've never generated "serious" keytab. That's usually
matter of
requesting it from your authentication authority, those guys who maintain
kerberos for you - unless you want to drive your own krb server (which is hardly
useful just because of single service).
Pavel
8:43 a.m.
New subject: |Re:Kerberosauthenticationexample
Dne 16.11.2016 v 12:04 Martin Juhl napsal(a):
When doing the kerberos implementation.. do you have the commands for
generating the keytab file??
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/...
--
Miroslav Suchy, RHCA
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
2709
days inactive
2715
days old
copr-devel@lists.fedorahosted.org
6 comments
3 participants
participants (3)
-
Martin Juhl -
Miroslav Suchý -
Pavel Raiskup