diff options
| author | Jason Gerard DeRose <jderose@redhat.com> | 2009-10-26 05:16:18 -0600 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-10-27 21:38:13 -0600 |
| commit | c4b7b70636fb34e48fde0e740e690fe9c5cc13cc (patch) | |
| tree | d49e9211387d070bfe785365dda465b0a18fdf6d /install/conf | |
| parent | 23b800a879afcbb49a2ce095cbe2e309a26976a7 (diff) | |
| download | freeipa-c4b7b70636fb34e48fde0e740e690fe9c5cc13cc.tar.gz freeipa-c4b7b70636fb34e48fde0e740e690fe9c5cc13cc.tar.xz freeipa-c4b7b70636fb34e48fde0e740e690fe9c5cc13cc.zip | |
Add mod_python adapter and some UI tuning
Diffstat (limited to 'install/conf')
| -rw-r--r-- | install/conf/ipa.conf | 53 |
1 files changed, 25 insertions, 28 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 5ca13d37b..032be20b2 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -11,30 +11,6 @@ PythonImport ipaserver main_interpreter # This is required so the auto-configuration works with Firefox 2+ AddType application/java-archive jar -<ProxyMatch ^.*/ipa/ui.*$$> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - Require valid-user - ErrorDocument 401 /ipa/errors/unauthorized.html - RewriteEngine on - Order deny,allow - Allow from all - - RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e - - # RequestHeader unset Authorization -</ProxyMatch> - -# The URI's with a trailing ! are those that aren't handled by the proxy -ProxyPass /ipa/ui http://localhost:8080/ipa/ui -ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui - # This is where we redirect on failed auth Alias /ipa/errors "/usr/share/ipa/html" @@ -44,7 +20,8 @@ Alias /ipa/config "/usr/share/ipa/html" # For CRL publishing Alias /ipa/crl "/var/lib/pki-ca/publish" -<Location "/ipa/xml"> + +<Location "/ipa"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on @@ -55,19 +32,39 @@ Alias /ipa/crl "/var/lib/pki-ca/publish" KrbSaveCredentials on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html +</Location> +<Location "/ipa/xml"> SetHandler python-program PythonInterpreter main_interpreter PythonHandler ipaserver::xmlrpc - PythonDebug Off + PythonOption IPADebug Off + PythonOption SCRIPT_NAME /ipa/xml + PythonAutoReload Off +</Location> +<Location "/ipa/json"> + SetHandler python-program + PythonInterpreter main_interpreter + PythonHandler ipaserver::jsonrpc + PythonDebug Off PythonOption IPADebug Off + PythonOption SCRIPT_NAME /ipa/json + PythonAutoReload Off +</Location> - # this is pointless to use since it would just reload ipaxmlrpc.py +<Location "/ipa/ui"> + SetHandler python-program + PythonInterpreter main_interpreter + PythonHandler ipaserver::webui + PythonDebug Off + PythonOption IPADebug Off + PythonOption SCRIPT_NAME /ipa/ui PythonAutoReload Off </Location> + # Do no authentication on the directory that contains error messages <Directory "/usr/share/ipa/html"> AllowOverride None @@ -112,7 +109,7 @@ Alias /ipa/crl "/var/lib/pki-ca/publish" # # SetHandler mod_python # PythonHandler test_mod_python -# +# # PythonDebug Off # #</Directory> |