blob: b9562936f806f585431c98f8f3ebc9057950eca8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#
# VERSION 2 - DO NOT REMOVE THIS LINE
#
# LoadModule auth_kerb_module modules/mod_auth_kerb.so
ProxyRequests Off
PythonImport ipaserver main_interpreter
# ipa-rewrite.conf is loaded separately
# This is required so the auto-configuration works with Firefox 2+
AddType application/java-archive jar
# This is where we redirect on failed auth
Alias /ipa/errors "/usr/share/ipa/html"
# For the MIT Windows config files
Alias /ipa/config "/usr/share/ipa/html"
# For CRL publishing
Alias /ipa/crl "/var/lib/pki-ca/publish"
<Location "/ipa">
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $REALM
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html
</Location>
<Location "/ipa/xml">
SetHandler python-program
PythonInterpreter main_interpreter
PythonHandler ipaserver::xmlrpc
PythonDebug Off
PythonOption SCRIPT_NAME /ipa/xml
PythonAutoReload Off
</Location>
<Location "/ipa/json">
SetHandler python-program
PythonInterpreter main_interpreter
PythonHandler ipaserver::jsonrpc
PythonDebug Off
PythonOption SCRIPT_NAME /ipa/json
PythonAutoReload Off
</Location>
<Location "/ipa/ui">
SetHandler python-program
PythonInterpreter main_interpreter
PythonHandler ipaserver::webui
PythonDebug Off
PythonOption SCRIPT_NAME /ipa/ui
PythonAutoReload Off
</Location>
Alias /ipa-assets/ "/var/cache/ipa/assets/"
<Directory "/var/cache/ipa/assets">
Allow from all
AllowOverride None
# add Indexes to Options to allow browsing
Options FollowSymLinks
ExpiresActive On
ExpiresDefault A31536000
</Directory>
# Do no authentication on the directory that contains error messages
<Directory "/usr/share/ipa/html">
AllowOverride None
Satisfy Any
Allow from all
</Directory>
<Directory "/var/lib/pki-ca/publish">
AllowOverride None
Options Indexes FollowSymLinks
Satisfy Any
Allow from all
</Directory>
# Protect our CGIs
<Directory /var/www/cgi-bin>
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $REALM
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html
</Directory>
# migration related pages
Alias /ipa/migration "/usr/share/ipa/migration"
<Directory "/usr/share/ipa/migration">
AllowOverride None
Satisfy Any
Allow from all
AddHandler mod_python .py
PythonHandler mod_python.publisher
</Directory>
#Alias /ipatest "/usr/share/ipa/ipatest"
#<Directory "/usr/share/ipa/ipatest">
# AuthType Kerberos
# AuthName "Kerberos Login"
# KrbMethodNegotiate on
# KrbMethodK5Passwd off
# KrbServiceName HTTP
# KrbAuthRealms $REALM
# Krb5KeyTab /etc/httpd/conf/ipa.keytab
# KrbSaveCredentials on
# Require valid-user
# ErrorDocument 401 /ipa/errors/unauthorized.html
#
# SetHandler mod_python
# PythonHandler test_mod_python
#
# PythonDebug Off
#
#</Directory>
|
