diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-04-14 11:49:00 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-17 16:05:11 -0400 |
commit | 7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f (patch) | |
tree | c0a977e398b95306de3ffa939dcfc5989c5062e9 /README | |
parent | eaaffe854977912f9a4c0cc477197bd8ba96230f (diff) | |
download | ipsilon-7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f.tar.gz ipsilon-7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f.tar.xz ipsilon-7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f.zip |
Use mod_auth_gssapi instead of mod_auth_kerb
Change configuration on new installs only.
Enable GssapiLocalName so we have access to the local name in
REMOTE_USER and the full principle in GSS_NAME.
Enable GssapiSSLonly even though SSLRequireSSL is also set.
The belt and suspenders principla.
https://fedorahosted.org/ipsilon/ticket/89
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'README')
-rw-r--r-- | README | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -29,8 +29,8 @@ Prerequisites: - An unprivileged user to run the Ipsilon code (defaults to 'ipsilon') Currently there are only two available authentication modules, Kerberos and -PAM. The Kerberos module uses mod_auth_kerb (which it will configure for you at -install time), the Pam module simply uses the PAM stack with a default service +PAM. The Kerberos module uses mod_auth_gssapi (which it will configure for +you at install time), the Pam module simply uses the PAM stack with a default service name set to 'remote'. NOTE: The PAM module is invoked as an unprivileged user so if you are using the |