Andrew Holway
2015-Mar-23 09:34 UTC
[CentOS] Services supporting Kerberos and/or TLS client certificate authentication
Hello, We're starting to use FreeIPA in house (which is awesome btw) which means that Kerberos and TLS client certificate authentication is suddenly quite easy. Im looking for a list of common Linux services with data on how one can Authenticate/Authorise for these services. * httpd support TLS client certificate authentication and Kerberos * rabbitmq supports TLS client certificate authentication * dovecot supports Kerberos and ... etc, etc Cheers, Andrew
Jonathan Billings
2015-Mar-23 14:17 UTC
[CentOS] Services supporting Kerberos and/or TLS client certificate authentication
On Mon, Mar 23, 2015 at 10:34:49AM +0100, Andrew Holway wrote:> > Hello, > > We're starting to use FreeIPA in house (which is awesome btw) which means > that Kerberos and TLS client certificate authentication is suddenly quite > easy. Im looking for a list of common Linux services with data on how one > can Authenticate/Authorise for these services.Do you want to use Kerberos to authenticate user/passwords? Or are you looking to use the user's existing kerberos ticket to authenticate services?> * httpd support TLS client certificate authentication and KerberosYou can use mod_auth_kerb for httpd with any client that supports the Negotiate authentication method. There's also tools to let it use SASL to perform plain text password authentication, but I'm not familiar with it.> * dovecot supports Kerberos and ...Dovecot supports GSSAPI authentication as well as using SASL. Sendmail and Postfix too. Sorry, not sure about rabbitmq. -- Jonathan Billings <billings at negate.org>
Andrew Holway
2015-Mar-23 14:19 UTC
[CentOS] Services supporting Kerberos and/or TLS client certificate authentication
Hi Jonathan, http / rabbitmq just examples. I'm looking for a list. On 23 March 2015 at 15:17, Jonathan Billings <billings at negate.org> wrote:> On Mon, Mar 23, 2015 at 10:34:49AM +0100, Andrew Holway wrote: > > > > Hello, > > > > We're starting to use FreeIPA in house (which is awesome btw) which means > > that Kerberos and TLS client certificate authentication is suddenly quite > > easy. Im looking for a list of common Linux services with data on how one > > can Authenticate/Authorise for these services. > > Do you want to use Kerberos to authenticate user/passwords? Or are > you looking to use the user's existing kerberos ticket to authenticate > services? > > > * httpd support TLS client certificate authentication and Kerberos > > You can use mod_auth_kerb for httpd with any client that supports the > Negotiate authentication method. There's also tools to let it use > SASL to perform plain text password authentication, but I'm not > familiar with it. > > > * dovecot supports Kerberos and ... > > Dovecot supports GSSAPI authentication as well as using SASL. > Sendmail and Postfix too. > > Sorry, not sure about rabbitmq. > -- > Jonathan Billings <billings at negate.org> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >