diff options
author | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-14 17:19:02 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-14 17:19:02 -0400 |
commit | b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 (patch) | |
tree | ec8aede13ba1c8cee4c26589bec578a25a148893 /ipa-server/xmlrpc-server/ipa.conf | |
parent | ed6ab17c9c703edb43c92a3205c5536771ce4d4f (diff) | |
download | freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.gz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.xz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.zip |
Use ticket forwarding with TurboGears. mod_proxy forwards the principal
name and location of the keytab. In order for this keytab to be usable
TurboGears and Apache will need to run as the same user. We will also need
to listen only on localhost in TG.
Diffstat (limited to 'ipa-server/xmlrpc-server/ipa.conf')
-rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 30a7655a6..784f26173 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -27,6 +27,7 @@ ProxyRequests Off RewriteCond %{IS_SUBREQ}% false RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] RequestHeader set X-Forwarded-User %{RU}e + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e # RequestHeader unset Authorization </Proxy> |