Discussion:
[Freeipa-users] What causes the web ui to display a second login dialog ?
Prasun Gera
2016-06-23 18:11:51 UTC
Permalink
Image attached. I don't use Windows much, but I noticed this on a windows
machine with Chrome. Before the actual login page is displayed, this login
dialog is displayed. Further, the credentials don't work in this dialog.

Env: RHEL 7.2, idm 4.x
Anthony Clark
2016-06-23 18:33:39 UTC
Permalink
Chrome in Windows is trying to be helpful and present your windows-based
Kerberos credentials to FreeIPA.

To "fix" this, you either disable Kerberos in Chrome (not sure how to do
that) or change your FreeIPA httpd config a bit:

# /etc/httpd/conf.d/ipa.conf line 64 or thereabouts, the <Location "/ipa">
section:
<If "%{HTTP_USER_AGENT} !~ /Chrome/">
AuthType GSSAPI
AuthName "Kerberos Login"
GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab
GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab
GssapiDelegCcacheDir /var/run/httpd/ipa/clientcaches
GssapiUseS4U2Proxy on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html
</If>

Hope this helps, if there's a better way, someone please let me know :)

-Anthony
Post by Prasun Gera
Image attached. I don't use Windows much, but I noticed this on a windows
machine with Chrome. Before the actual login page is displayed, this login
dialog is displayed. Further, the credentials don't work in this dialog.
Env: RHEL 7.2, idm 4.x
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Simo Sorce
2016-06-23 20:27:32 UTC
Permalink
Post by Prasun Gera
Image attached. I don't use Windows much, but I noticed this on a windows
machine with Chrome. Before the actual login page is displayed, this login
dialog is displayed. Further, the credentials don't work in this dialog.
Env: RHEL 7.2, idm 4.x
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
We have some workarounds available in latest mod_auth_gssapi, they
should land in RHEL7.3 and hopefully make it easier to deal with this
problem.
https://fedorahosted.org/freeipa/ticket/5614

Simo.
--
Simo Sorce * Red Hat, Inc * New York
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Prasun Gera
2016-06-23 20:35:30 UTC
Permalink
Thanks. I'll wait for RHEL 7.3 then.
Post by Simo Sorce
Post by Prasun Gera
Image attached. I don't use Windows much, but I noticed this on a windows
machine with Chrome. Before the actual login page is displayed, this
login
Post by Prasun Gera
dialog is displayed. Further, the credentials don't work in this dialog.
Env: RHEL 7.2, idm 4.x
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
We have some workarounds available in latest mod_auth_gssapi, they
should land in RHEL7.3 and hopefully make it easier to deal with this
problem.
https://fedorahosted.org/freeipa/ticket/5614
Simo.
--
Simo Sorce * Red Hat, Inc * New York
Continue reading on narkive:
Search results for '[Freeipa-users] What causes the web ui to display a second login dialog ?' (Questions and Answers)
14
replies
Creating a "Why we should switch to Mac" Speech. Help Please?
started 2007-10-26 15:44:14 UTC
desktops
Loading...