diff options
| author | John Dennis <jdennis@redhat.com> | 2012-02-25 13:39:19 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-27 05:57:43 -0500 |
| commit | ee780df13c99a5465cd6df965772260c297a5eb2 (patch) | |
| tree | 8f215388e7642ca590aa7d0c432f7591653843df /ipaserver/plugins | |
| parent | 059a90702e454b99490031bd37541304e65d35d2 (diff) | |
| download | freeipa-ee780df13c99a5465cd6df965772260c297a5eb2.tar.gz freeipa-ee780df13c99a5465cd6df965772260c297a5eb2.tar.xz freeipa-ee780df13c99a5465cd6df965772260c297a5eb2.zip | |
Implement password based session login
* Adjust URL's
- rename /ipa/login -> /ipa/session/login_kerberos
- add /ipa/session/login_password
* Adjust Kerberos protection on URL's in ipa.conf
* Bump VERSION in httpd ipa.conf to pick up session changes.
* Adjust login URL in ipa.js
* Add InvalidSessionPassword to errors.py
* Rename krblogin class to login_kerberos for consistency with
new login_password class
* Implement login_password.kinit() method which invokes
/usr/bin/kinit as a subprocess
* Add login_password class for WSGI dispatch, accepts POST
application/x-www-form-urlencoded user & password
parameters. We form the Kerberos principal from the server's
realm.
* Add function krb5_unparse_ccache()
* Refactor code to share common code
* Clean up use of ccache names, be consistent
* Replace read_krbccache_file(), store_krbccache_file(), delete_krbccache_file()
with load_ccache_data(), bind_ipa_ccache(), release_ipa_ccache().
bind_ipa_ccache() now sets environment KRB5CCNAME variable.
release_ipa_ccache() now clears environment KRB5CCNAME variable.
* ccache names should now support any ccache storage scheme,
not just FILE based ccaches
* Add utilies to return HTTP status from wsgi handlers,
use constants for HTTP status code for consistency.
Use utilies for returning from wsgi handlers rather than
duplicated code.
* Add KerberosSession.finalize_kerberos_acquisition() method
so different login handlers can share common code.
* add Requires: krb5-workstation to server (server now calls kinit)
* Fix test_rpcserver.py to use new dispatch inside route() method
https://fedorahosted.org/freeipa/ticket/2095
Diffstat (limited to 'ipaserver/plugins')
| -rw-r--r-- | ipaserver/plugins/xmlserver.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ipaserver/plugins/xmlserver.py b/ipaserver/plugins/xmlserver.py index d2a28eca8..4ae914950 100644 --- a/ipaserver/plugins/xmlserver.py +++ b/ipaserver/plugins/xmlserver.py @@ -25,9 +25,10 @@ Loads WSGI server plugins. from ipalib import api if 'in_server' in api.env and api.env.in_server is True: - from ipaserver.rpcserver import wsgi_dispatch, xmlserver, jsonserver_kerb, jsonserver_session, krblogin + from ipaserver.rpcserver import wsgi_dispatch, xmlserver, jsonserver_kerb, jsonserver_session, login_kerberos, login_password api.register(wsgi_dispatch) api.register(xmlserver) api.register(jsonserver_kerb) api.register(jsonserver_session) - api.register(krblogin) + api.register(login_kerberos) + api.register(login_password) |