Hi guys
Miroslav has told me that Pavel Raiskup is using Kerberos authentication on his Copr installation..
Is it possible to see the configuration for the kerberos authentication.. both in copr.conf and for apache??
Thanks
Martin Juhl
IT-Consultant@Casalogic A/S, RHCA
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
Miroslav has told me that Pavel Raiskup is using Kerberos authentication on his Copr installation..
yes
Is it possible to see the configuration for the kerberos authentication.. both in copr.conf and for apache??
For copr conf we use: https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148/f/...
And for Apache:
<Location "/krb5_login/redhat/"> AuthType Kerberos AuthName "Red Hat Kerberos Credentials" KrbMethodNegotiate on KrbMethodK5Passwd on KrbServiceName HTTP KrbAuthRealms REDHAT.COM Krb5Keytab /etc/httpd/conf/httpd.keytab KrbSaveCredentials off Require valid-user </Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel
Hi Pavel
Thanks a lot, I'll try to get it working...
Is there any plan to add basic LDAP/AD support.. maybe SSSD enabled??.. or maybe just a hack?
I have some customers where the Kerberos solution doesn't really fit...
/Martin
----- Original meddelelse ----- Fra: "Pavel Raiskup" praiskup@redhat.com Til: "copr-devel" copr-devel@lists.fedorahosted.org Cc: "mj" mj@casalogic.dk Sendt: onsdag, 16. november 2016 10:56:49 Emne: | Re: Kerberos authentication example
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
Miroslav has told me that Pavel Raiskup is using Kerberos authentication on his Copr installation..
yes
Is it possible to see the configuration for the kerberos authentication.. both in copr.conf and for apache??
For copr conf we use: https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148/f/...
And for Apache:
<Location "/krb5_login/redhat/"> AuthType Kerberos AuthName "Red Hat Kerberos Credentials" KrbMethodNegotiate on KrbMethodK5Passwd on KrbServiceName HTTP KrbAuthRealms REDHAT.COM Krb5Keytab /etc/httpd/conf/httpd.keytab KrbSaveCredentials off Require valid-user </Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-leave@lists.fedorahosted.org
On Wednesday, November 16, 2016 11:20:48 AM CET Martin Juhl wrote:
Hi Pavel
Thanks a lot, I'll try to get it working...
Is there any plan to add basic LDAP/AD support.. maybe SSSD enabled??.. or maybe just a hack?
I have some customers where the Kerberos solution doesn't really fit...
That is probably something we don't urgently need ATM, so there's been no motivation to implement that so far.
But OTOH, if someone motivated enough implemented this (an non-intrusive way) - I don't think there would be a problem to review and include (correct me if I'm wrong) such patch.
Pavel
/Martin
----- Original meddelelse ----- Fra: "Pavel Raiskup" praiskup@redhat.com Til: "copr-devel" copr-devel@lists.fedorahosted.org Cc: "mj" mj@casalogic.dk Sendt: onsdag, 16. november 2016 10:56:49 Emne: | Re: Kerberos authentication example
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
Miroslav has told me that Pavel Raiskup is using Kerberos authentication on his Copr installation..
yes
Is it possible to see the configuration for the kerberos authentication.. both in copr.conf and for apache??
For copr conf we use: https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148/f/...
And for Apache:
<Location "/krb5_login/redhat/"> AuthType Kerberos AuthName "Red Hat Kerberos Credentials" KrbMethodNegotiate on KrbMethodK5Passwd on KrbServiceName HTTP KrbAuthRealms REDHAT.COM Krb5Keytab /etc/httpd/conf/httpd.keytab KrbSaveCredentials off Require valid-user
</Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-leave@lists.fedorahosted.org _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-leave@lists.fedorahosted.org
Ok...
My python skills are almost non-existing.. so that will probably not be me...
When doing the kerberos implementation.. do you have the commands for generating the keytab file??
----- Original meddelelse ----- Fra: "Pavel Raiskup" praiskup@redhat.com Til: "copr-devel" copr-devel@lists.fedorahosted.org Cc: "mj" mj@casalogic.dk Sendt: onsdag, 16. november 2016 11:40:27 Emne: | Re: Kerberos authentication example
On Wednesday, November 16, 2016 11:20:48 AM CET Martin Juhl wrote:
Hi Pavel
Thanks a lot, I'll try to get it working...
Is there any plan to add basic LDAP/AD support.. maybe SSSD enabled??.. or maybe just a hack?
I have some customers where the Kerberos solution doesn't really fit...
That is probably something we don't urgently need ATM, so there's been no motivation to implement that so far.
But OTOH, if someone motivated enough implemented this (an non-intrusive way) - I don't think there would be a problem to review and include (correct me if I'm wrong) such patch.
Pavel
/Martin
----- Original meddelelse ----- Fra: "Pavel Raiskup" praiskup@redhat.com Til: "copr-devel" copr-devel@lists.fedorahosted.org Cc: "mj" mj@casalogic.dk Sendt: onsdag, 16. november 2016 10:56:49 Emne: | Re: Kerberos authentication example
Hi Martin,
On Wednesday, November 16, 2016 10:08:14 AM CET Martin Juhl wrote:
Miroslav has told me that Pavel Raiskup is using Kerberos authentication on his Copr installation..
yes
Is it possible to see the configuration for the kerberos authentication.. both in copr.conf and for apache??
For copr conf we use: https://pagure.io/copr/copr/blob/0308c229a6b41c26a28ddda1664918d4fc22f148/f/...
And for Apache:
<Location "/krb5_login/redhat/"> AuthType Kerberos AuthName "Red Hat Kerberos Credentials" KrbMethodNegotiate on KrbMethodK5Passwd on KrbServiceName HTTP KrbAuthRealms REDHAT.COM Krb5Keytab /etc/httpd/conf/httpd.keytab KrbSaveCredentials off Require valid-user
</Location>
There's a plan to have the configuration public, but we are not yet there.
Pavel _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-leave@lists.fedorahosted.org _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-leave@lists.fedorahosted.org
_______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-leave@lists.fedorahosted.org
On Wednesday, November 16, 2016 12:04:34 PM CET Martin Juhl wrote:
When doing the kerberos implementation.. do you have the commands for generating the keytab file??
Unfortunately, I've never generated "serious" keytab. That's usually matter of requesting it from your authentication authority, those guys who maintain kerberos for you - unless you want to drive your own krb server (which is hardly useful just because of single service).
Pavel
Dne 16.11.2016 v 12:04 Martin Juhl napsal(a):
When doing the kerberos implementation.. do you have the commands for generating the keytab file??
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
copr-devel@lists.fedorahosted.org
-
Martin Juhl -
Miroslav Suchý -
Pavel Raiskup