diff options
author | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-24 15:20:34 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-24 15:20:34 -0400 |
commit | e606ad56064193ccf64fceac9e027b2d75067b25 (patch) | |
tree | e5024296ee017649ad4a2c6aba4c5abfb9358fb2 /ipa-server | |
parent | a1196902aa410e03306da212eb0e336c1e8cc29d (diff) | |
download | freeipa-e606ad56064193ccf64fceac9e027b2d75067b25.tar.gz freeipa-e606ad56064193ccf64fceac9e027b2d75067b25.tar.xz freeipa-e606ad56064193ccf64fceac9e027b2d75067b25.zip |
Show (hopefully) useful information if the Kerberos connection fails.
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 7 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/ssbrowser.html | 65 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/unauthorized.html | 14 |
3 files changed, 86 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 9b73ec69d..c66ef8f98 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -58,3 +58,10 @@ Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC" PythonAutoReload Off </Directory> +Alias /errors "/usr/share/ipa/html" + +<Directory "/usr/share/ipa/html"> + AllowOverride None + Satisfy Any + Allow from all +</Directory> diff --git a/ipa-server/xmlrpc-server/ssbrowser.html b/ipa-server/xmlrpc-server/ssbrowser.html new file mode 100644 index 000000000..119679794 --- /dev/null +++ b/ipa-server/xmlrpc-server/ssbrowser.html @@ -0,0 +1,65 @@ +<html> +<body> + <h2>Browser Kerberos Setup</h2> + <h3> Internet Explorer Configuration </h3> +<p>Once you are able to log into the workstation with your kerberos key you should be able to use that ticket in Internet Explorer. +</p> +<ul><li> Login to the Windows machine using an account of domain FREEIPA.ORG + +</li><li> The next few steps are better-documented (with screenies) at <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-1.asp" class="external free" rel="nofollow" title="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-1.asp">http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-1.asp</a> +</li><li> In Internet Explorer, click Tools, and then click Internet Options. +</li></ul> +<ol><li> Click the Security tab. +</li><li> Click Local intranet. +</li><li> Click Sites +</li><li> Click Advanced +</li><li> Add *.freeipa.org to the list + +</li></ol> +<ul><li> In Internet Explorer, click Tools, and then click Internet Options. +</li></ul> +<ol><li> Click the Security tab. +</li><li> Click Local intranet. +</li><li> Click Custom Level +</li><li> Select Automatic logon only in Intranet zone. +</li></ol> +<ul><li> Visit a kerberized web site using IE. You must use the fully-qualified DN in the URL. +</li><li> If all went right, it should work. + +</li></ul> +<h3 class="title">Firefox Configuration</h3> +<p> +You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <span class="abbrev">KDC</span>.The following section describes the configuration changes and other requirements to achieve this. +</p> +<ol class="arabic"> +<li> +<p> +In the address bar of Firefox, type <b class="userinput"><tt>about:config</tt></b> to display the list of current configuration options. +</p> +</li> + +<li> +<p> +In the <span><b class="guilabel">Filter</b></span> field, type <b class="userinput"><tt>negotiate</tt></b> to restrict the list of options. +</p> +</li> +<li> +<p> +Double-click the <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> entry to display the <span class="emphasis"><em>Enter string value</em></span> dialog box. + +</p> +</li> +<li> +<p> +Enter the name of the domain against which you want to authenticate, for example, <i class="replaceable"><tt>.example.com</tt></i>. +</p> +</li> +<li> +<p> +Repeat the above procedure for the <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> entry, using the same domain. +</p> +</li> + +</ol> +</body> +</html> diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html new file mode 100644 index 000000000..98e037e58 --- /dev/null +++ b/ipa-server/xmlrpc-server/unauthorized.html @@ -0,0 +1,14 @@ +<html> +<title>Kerberos Authentication Failed</h2> +<body> +<h2>Kerberos Authentication Failed</h2> +<p> +Unable to verify your Kerberos credentials. Please make sure +that you have valid Kerberos tickets (obtainable via kinit), and that you +have <a href="/errors/ssbrowser.html">configured your +browser correctly</a>. If you are still unable to access +the idm wiki, please contact the helpdesk on for additional assistance. +</p> +</ul> +</body> +</html> |