[389-users] GUI console and Kerberos

Paul Robert Marino prmarino1 at gmail.com
Wed Mar 11 18:51:49 UTC 2015


OK, so here is some progress.
I manually added my user name and password in
/etc/dirsrv/admin-serv/admpw using the htpasswd command.
If I put cn=<username> I get "ldap error 32: No such object" in the
admin server error log,
but if I just put my username in, it finds the entry and I get a
different error, "ldap error 48: Inappropriate authentication".
This is making me wonder if saslauthd may help.

On Wed, Mar 11, 2015 at 2:34 PM, Paul Robert Marino <prmarino1 at gmail.com> wrote:
> I know it will probably be a little more complex than that, but I think
> it logically should be one of the steps,
> although it doesn't explain how "cn=Directory Manager" works.
> But it makes a lot of sense when you see the 401 error from the login
> attempt; it comes from the directory specified by
> "
> <Location /admin-serv/authenticate>
>     SetHandler user-auth
>     AuthUserFile /etc/dirsrv/admin-serv/admpw
>     AuthType basic
>     AuthName "Admin Server"
>     Require valid-user
>     Order allow,deny
>     Allow from all
> </Location>
> "
> in /etc/dirsrv/admin-serv/admserv.conf
>
> On Wed, Mar 11, 2015 at 2:13 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>> On 03/11/2015 11:54 AM, Paul Robert Marino wrote:
>>>
>>> Hey everyone,
>>> I have a question. I know at least once in the past I set up the admin
>>> console so it could utilize Kerberos passwords, based on a howto I
>>> found once, which after I changed jobs I could never find again.
>>>
>>> Today I was looking for something else and I saw a mention on the site
>>> about httpd needing to be compiled with http auth support.
>>> Well, I did a little digging and I found this file:
>>> /etc/dirsrv/admin-serv/admserv.conf
>>>
>>> In that file I found a lot of entries that look like this:
>>> "
>>> <LocationMatch /*/[tT]asks/[Cc]onfiguration/*>
>>>    AuthUserFile /etc/dirsrv/admin-serv/admpw
>>>    AuthType basic
>>>    AuthName "Admin Server"
>>>    Require valid-user
>>>    AdminSDK on
>>>    ADMCgiBinDir /usr/lib64/dirsrv/cgi-bin
>>>    NESCompatEnv on
>>>    Options +ExecCGI
>>>    Order allow,deny
>>>    Allow from all
>>> </LocationMatch>
>>>
>>> "
>>> When I checked /etc/dirsrv/admin-serv/admpw, sure enough I found the
>>> password hash for the admin user.
>>>
>>> So my question is: before I waste time experimenting, could it possibly
>>> be as simple as changing the auth type to Kerberos?
>>> http://modauthkerb.sourceforge.net/configure.html
>>
>>
>> I don't know.  I don't think anyone has ever tried it.
>>
>>> Keep in mind my Kerberos servers do not use LDAP as the backend.
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users