From: Rich M. <ric...@gm...> - 2007-12-11 19:34:38
Michael Ströder wrote:
> Rich Megginson wrote:
>
>> You might be interested in the freeipa.org project which uses python,
>> python-ldap, turbogears, PyKerberos, and supports http authentication
>> with forwardable tickets.
>> I don't think they support SPNEGO yet but patches are welcome :-)
>>
>
> How does the browser send the ticket to the web application then?
>
In Firefox, go to about:config
In the Filter: text box, type "nego"
You just have to set network.negotiate-auth.delegation-uris and
network.negotiate-auth.trusted-uris to match your [domain_realm] setting
in your /etc/krb5.conf. For example:
network.negotiate-auth.delegation-uris: .example.com
network.negotiate-auth.trusted-uris: .example.com

I'm not sure but this should be documented on the freeipa.org web site,
if it is not already. You also have to use Apache mod_auth_kerb, which
should also be covered by freeipa.org.
> Ciao, Michael.
>
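
The matching step described in the message above, as an added example that is not part of the original post or of the FreeIPA project: it reads the [domain_realm] section of a krb5.conf and derives both Firefox preferences for a single realm, so ticket delegation is offered only to domains that realm covers. The sample krb5.conf, the function names and the user.js output form are assumptions made for illustration.

```python
import re

# Constructed sample krb5.conf (not from the original message).
SAMPLE_KRB5_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM

[domain_realm]
# host/domain -> realm mappings
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
 .lab.example.org = LAB.EXAMPLE.ORG
"""

PREF_NAMES = (
    "network.negotiate-auth.trusted-uris",
    "network.negotiate-auth.delegation-uris",
)

def domain_realm_entries(conf_text):
    """Return {domain: realm} parsed from the [domain_realm] section."""
    entries, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            domain, realm = (part.strip() for part in line.split("=", 1))
            entries[domain.lower()] = realm
    return entries

def firefox_negotiate_prefs(conf_text, realm):
    """Map both preferences to the comma-separated domains of one realm."""
    domains = sorted(d for d, r in domain_realm_entries(conf_text).items() if r == realm)
    if not domains:
        raise ValueError(f"no [domain_realm] entry maps to {realm}")
    return {name: ",".join(domains) for name in PREF_NAMES}

def render_user_js(prefs):
    """Render the preferences as Firefox user.js lines."""
    return "\n".join(f'user_pref("{k}", "{v}");' for k, v in prefs.items())

if __name__ == "__main__":
    print(render_user_js(firefox_negotiate_prefs(SAMPLE_KRB5_CONF, "EXAMPLE.COM")))
```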