#4801 [RFE] Offer Kerberos over HTTP (kdcproxy) by default
Closed: Fixed None Opened 6 years ago by npmccallum.

This would add kdcproxy as a dependency of FreeIPA and we would just mount the WSGI application on a particular path. This would allow admins to expose the proxy at their network edge by a simple HTTP reverse proxy without having to setup and manage a dedicated application.

Should probably an optional component as DNS or CA or Vault.

If plugins can mount WSGI applications, we could do this as an installable plugin.

Yes, optional component as planned in #4058 would be really nice.

It was decided to add this change to 4.2 (stretch).

cheimes will help Nathaniel and take over this one.


  • 495da41 Provide Kerberos over HTTP (MS-KKDCP)

A HowToTest section would be appreciated.

Metadata Update from @npmccallum:
- Issue assigned to cheimes
- Issue set to the milestone: FreeIPA 4.2

4 years ago

Login to comment on this ticket.