Bug 1200883 - [RFE] Switch apache to use mod_auth_gssapi
Summary: [RFE] Switch apache to use mod_auth_gssapi
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
Aneta Šteflová Petrová
URL:
Whiteboard:
Depends On:
Blocks: 1181710
TreeView+ depends on / blocked
 
Reported: 2015-03-11 15:04 UTC by Martin Kosek
Modified: 2015-12-10 13:50 UTC (History)
7 users (show)

Fixed In Version: ipa-4.2.0-0.1.alpha1.el7
Doc Type: Release Note
Doc Text:
Negotiate authentication streamlined with *mod_auth_gssapi* Identity Management now uses the *mod_auth_gssapi* module, which uses GSSAPI calls instead of direct Kerberos calls used by the previously used *mod_auth_kerb* module.
Clone Of:
Environment:
Last Closed: 2015-11-19 12:02:05 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2362 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2015-11-19 10:40:46 UTC

Description Martin Kosek 2015-03-11 15:04:19 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4190

mod_auth_gssapi is a new module I am working on to make Negotiate authentication more streamlined.

The main feature for FreeIPA is that it will allow the use of GSS-Proxy for all functionality as it does not use direct libkrb5 calls unlike mod_auth_kerb

It is a precondition for implementing #4189

Comment 6 Brian J. Murrell 2015-08-21 11:24:08 UTC
When is this likely to hit RHEL 7?  This will close bug 1255703, but if this hitting RHEL 7 is still a long way out, I'd like to see bug 1255703 fixed in the meanwhile.

Comment 8 Namita Soman 2015-09-17 17:10:34 UTC
incorrectly paste above. 

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.2 Beta (Maipo)

# rpm -qi mod_auth_gssapi
Name        : mod_auth_gssapi
Version     : 1.3.1
Release     : 1.el7
Architecture: x86_64
Install Date: Wed 16 Sep 2015 02:07:45 PM EDT
Group       : System Environment/Daemons
Size        : 124842
License     : MIT
Signature   : RSA/SHA256, Wed 09 Sep 2015 11:59:48 AM EDT, Key ID 938a80caf21541eb
Source RPM  : mod_auth_gssapi-1.3.1-1.el7.src.rpm
Build Date  : Thu 03 Sep 2015 03:01:58 PM EDT
Build Host  : x86-036.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : https://github.com/modauthgssapi/mod_auth_gssapi
Summary     : A GSSAPI Authentication module for Apache
Description :
The mod_auth_gssapi module is an authentication service that implements the
SPNEGO based HTTP Authentication protocol defined in RFC4559.

Comment 9 errata-xmlrpc 2015-11-19 12:02:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html


Note You need to log in before you can comment on or make changes to this bug.