Alexander Bokovoy // Principal Software Engineer, Red Hat
Debarshi Ray // Senior Software Engineer, Red Hat
Flock 2016
There are now several free software identity management systems that focus on managing operating system environments:
We are working with Samba upstream on fixing the remaining MIT Kerberos compatibility issues, to provide Samba AD in Fedora 26 at the latest.
FreeIPA client defaults to using SSSD as an agent
nss_sss is referenced in /etc/nsswitch.conf on Fedora by default
pam_sss use is configured at enrollment time for the system-auth PAM service, which is included in most PAM configurations
nss_winbind and pam_winbind for identity and authentication
nss_sss and pam_sss for identity and authentication?
Epiphany, the GNOME Web Browser, in GNOME 3.18:
Tomáš Popela (Red Hat), David Woodhouse (Intel), and Guido Guenther (Debian) worked to fix libsoup and WebkitGtk
We logged into my FreeIPA server’s Web UI
The code is in GNOME 3.20 (March 2016) and is in Fedora 24
By default, all HTTPS sites advertising the WWW-Authenticate: Negotiate authentication method will be probed with GSSAPI
Down the rabbit hole…
GNOME Online Accounts could show Kerberos ticket properties
WWW-Authenticate: Negotiate when Kerberos credentials are not available
WWW-Authenticate: Negotiate over HTTPS
WWW-Authenticate: Negotiate over HTTPS
GNOME Online Accounts in GNOME 3.20 supports single sign-on with a catch
mod_auth_mellon as SAML client
There is a plan to fix GNOME VFS to support SAML negotiation so that Nautilus would be able to re-negotiate when accessing WebDAV shares
Nathaniel McCallum gave a talk “Secure, Automated Decryption” at 11:00 today, Wednesday, August 3rd. Watch the talk recording!