Use ticket forwarding with TurboGears. mod_proxy forwards the principal

name and location of the keytab. In order for this keytab to be usable TurboGears and Apache will need to run as the same user. We will also need to listen only on localhost in TG.
author: rcritten@redhat.com <rcritten@redhat.com> 2007-09-14 17:19:02 -0400
committer: rcritten@redhat.com <rcritten@redhat.com> 2007-09-14 17:19:02 -0400
commit: b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 (patch)
tree: ec8aede13ba1c8cee4c26589bec578a25a148893 /ipa-server/xmlrpc-server/ipa.conf
parent: ed6ab17c9c703edb43c92a3205c5536771ce4d4f (diff)
download: freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.gz
freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.xz
freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index 30a7655a6..784f26173 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -27,6 +27,7 @@ ProxyRequests Off
   RewriteCond %{IS_SUBREQ}% false
   RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
   RequestHeader set X-Forwarded-User %{RU}e
+  RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
 
   # RequestHeader unset Authorization
 </Proxy>
author	rcritten@redhat.com <rcritten@redhat.com>	2007-09-14 17:19:02 -0400
committer	rcritten@redhat.com <rcritten@redhat.com>	2007-09-14 17:19:02 -0400
commit	b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 (patch)
tree	ec8aede13ba1c8cee4c26589bec578a25a148893 /ipa-server/xmlrpc-server/ipa.conf
parent	ed6ab17c9c703edb43c92a3205c5536771ce4d4f (diff)
download	freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.gz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.xz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.zip