diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-04-14 11:49:00 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-17 16:05:11 -0400 |
commit | 7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f (patch) | |
tree | c0a977e398b95306de3ffa939dcfc5989c5062e9 /doc | |
parent | eaaffe854977912f9a4c0cc477197bd8ba96230f (diff) | |
download | ipsilon-7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f.tar.gz ipsilon-7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f.tar.xz ipsilon-7e33a3a2df613ecdfd49d621f7cc7a6424d4f96f.zip |
Use mod_auth_gssapi instead of mod_auth_kerb
Change configuration on new installs only.
Enable GssapiLocalName so we have access to the local name in
REMOTE_USER and the full principle in GSS_NAME.
Enable GssapiSSLonly even though SSLRequireSSL is also set.
The belt and suspenders principla.
https://fedorahosted.org/ipsilon/ticket/89
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/design.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/design.txt b/doc/design.txt index 44699c5..08830d2 100644 --- a/doc/design.txt +++ b/doc/design.txt @@ -29,7 +29,7 @@ Architecture Ipsilon is mostly a web service builtin in python on the cherrypy framework. It is normally installed and run in an apache server and some plugins depend -on authentication modules available in apache like mod_auth_kerb. +on authentication modules available in apache like mod_auth_gssapi. Each authentication method is chained to the next in line so that automatic fallback can happen and multiple authentication methods can be employed at |