Cockpit and SSO with IPA

1. log in as admin

sudo su
kinit admin

2. generate the service entry on the domain

ipa service-add http/cockpit.local.test

3. get the keytab for service

ipa-getkeytab -p HTTP/cockpit.local.test@LOCAL.TEST -k /etc/cockpit/krb5.keytab

4. check it

klist -k /etc/cockpit/krb5.keytab

5. in case of firefox, change the properties:

network.automatic-ntlm-auth.trusted-uris true
network.automatic-ntlm-auth.trusted-uris .local.test

Leave a Reply

Your email address will not be published. Required fields are marked *