Bug 488086 - Fall back to username/password in web UI
Fall back to username/password in web UI
Status: CLOSED DUPLICATE of bug 646239
Product: freeIPA
Classification: Community
Component: Documentation (Show other bugs)
All Linux
low Severity medium
: v2 release
: ---
Assigned To: David O'Brien
Chandrasekar Kannan
: Documentation
Depends On:
Blocks: 431020 489811 646217 646239
  Show dependency treegraph
Reported: 2009-03-02 10:59 EST by Rob Crittenden
Modified: 2015-01-04 18:36 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 646239 (view as bug list)
Last Closed: 2011-01-13 22:32:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rob Crittenden 2009-03-02 10:59:04 EST
Currently the web UI login will fail if kerberos negotiation fails. To have it fall back to have the browser pop up a username/password dialog, do the following:

- edit /etc/httpd/conf.d/ipa.conf
- In the section <ProxyMatch ^.*/ipa/ui.*$>
- Change KrbMethodK5Passwd from 'off' to 'on'
- /sbin/service restart httpd

Note that this change may not be preserved between IPA updates.
Comment 2 David O'Brien 2010-09-14 06:06:23 EDT
Is this still true with the revised web UI, with IPA 2.0, etc?
Comment 4 Dmitri Pal 2010-09-14 11:51:05 EDT
See ticket https://fedorahosted.org/freeipa/ticket/216

The way this is done is to set KrbMethodK5Passwd on in /etc/httpd/conf.d/ipa.conf and restart httpd. By default this is off. This is documented on the wiki.
Comment 5 Rob Crittenden 2010-09-14 15:33:55 EDT
Dmitri is right. You can skip the Proxy part in the previous instructions.

Note that this needs to be done on a per-server basis so if you have a number of replicas this needs to be done to all of them.
Comment 6 David O'Brien 2011-01-13 22:32:42 EST

*** This bug has been marked as a duplicate of bug 646239 ***

Note You need to log in before you can comment on or make changes to this bug.