authorRob Crittenden <rcritten@redhat.com>2007-10-29 12:00:48 -0400
committerRob Crittenden <rcritten@redhat.com>2007-10-29 12:00:48 -0400
commite40c583b12ed3d0b1db62154b7b0b84eed44ed6e (patch)
tree71f66a0eeabab7d5dfaddb09fa2ebb03a940b015
parent859291a706a8e37d6b145d27052276e927004f49 (diff)
Create configuration for MIT Windows kerberos client and install into
http://hostname/config so users can point their MIT client at the IPA server and automatically fetch the configuration.
-rw-r--r--ipa-server/ipa-install/share/Makefile.am3
-rw-r--r--ipa-server/ipa-install/share/krb.con.template2
-rw-r--r--ipa-server/ipa-install/share/krb5.ini.template19
-rw-r--r--ipa-server/ipa-install/share/krbrealm.con.template3
-rw-r--r--ipa-server/ipaserver/krbinstance.py16
-rw-r--r--ipa-server/xmlrpc-server/ipa.conf5
6 files changed, 47 insertions, 1 deletions
diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am
index b8049e41..58198c2f 100644
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -12,6 +12,9 @@ app_DATA = \
certmap.conf.template \
kdc.conf.template \
krb5.conf.template \
+ krb5.ini.template \
+ krb.con.template \
+ krbrealm.con.template \
$(NULL)
EXTRA_DIST = \
diff --git a/ipa-server/ipa-install/share/krb.con.template b/ipa-server/ipa-install/share/krb.con.template
new file mode 100644
index 00000000..d75a8f60
--- /dev/null
+++ b/ipa-server/ipa-install/share/krb.con.template
@@ -0,0 +1,2 @@
+$REALM $DOMAIN
+$REALM $DOMAIN admin server
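Review bot: Both lines name `$DOMAIN` as the host for the realm, while krb5.ini.template names `$FQDN` for `kdc` and `admin_server`. Assuming krb.con follows the usual `REALM host [admin server]` layout, the second field should probably be the server's host name, e.g. `$REALM $FQDN admin server`; otherwise clients resolve the bare domain, which may not be the IPA server. Please confirm against the sub_dict values in krbinstance.py, which are not visible in this diff.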
diff --git a/ipa-server/ipa-install/share/krb5.ini.template b/ipa-server/ipa-install/share/krb5.ini.template
new file mode 100644
index 00000000..89f4a370
--- /dev/null
+++ b/ipa-server/ipa-install/share/krb5.ini.template
@@ -0,0 +1,19 @@
+[libdefaults]
+ default_realm = $REALM
+ krb4_config = /usr/kerberos/lib/krb.conf
+ krb4_realms = /usr/kerberos/lib/krb.realms
+ dns_lookup_kdc = true
+
+[realms]
+ $REALM = {
+ admin_server = $FQDN
+ kdc = $FQDN
+ default_domain = $REALM
+ }
+
+[domain_realm]
+ .$DOMAIN = $REALM
+ $DOMAIN = $REALM
+
+[logging]
+# kdc = CONSOLE
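Review bot: `default_domain = $REALM` puts the realm name where krb5 expects a DNS domain; `default_domain = $DOMAIN` would agree with the `[domain_realm]` section below it. krbrealm.con.template has the same pattern, with `.$REALM $REALM` using the realm as the domain on the left-hand side, which holds only when the realm is the upper-cased DNS domain. Separately, `krb4_config` and `krb4_realms` name `/usr/kerberos/lib/...` paths that presumably do not exist on a Windows client; a comment saying whether they are deliberate placeholders would help.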
diff --git a/ipa-server/ipa-install/share/krbrealm.con.template b/ipa-server/ipa-install/share/krbrealm.con.template
new file mode 100644
index 00000000..c6781386
--- /dev/null
+++ b/ipa-server/ipa-install/share/krbrealm.con.template
@@ -0,0 +1,3 @@
+.$REALM $REALM
+.$REALM. $REALM
+$REALM $REALM
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 15242460..26de2b03 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -175,6 +175,22 @@ class KrbInstance:
krb5_fd.write(krb5_conf)
krb5_fd.close()
+ # Windows configuration files
+ krb5_ini = template_file(SHARE_DIR+"krb5.ini.template", self.sub_dict)
+ krb5_fd = open("/usr/share/ipa/html/krb5.ini", "w+")
+ krb5_fd.write(krb5_ini)
+ krb5_fd.close()
+
+ krb_con = template_file(SHARE_DIR+"krb.con.template", self.sub_dict)
+ krb_fd = open("/usr/share/ipa/html/krb.con", "w+")
+ krb_fd.write(krb_con)
+ krb_fd.close()
+
+ krb_realm = template_file(SHARE_DIR+"krbrealm.con.template", self.sub_dict)
+ krb_fd = open("/usr/share/ipa/html/krbrealm.con", "w+")
+ krb_fd.write(krb_realm)
+ krb_fd.close()
+
#populate the directory with the realm structure
args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
try:
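Review bot: The three open/write/close sequences leave the descriptor open if `write()` raises, and they open with `"w+"` although the files are never read back. The resulting file mode comes from the installer's umask, so under a restrictive umask the web server may be unable to read files that exist only to be served; consider setting the mode explicitly after each write. A loop with try/finally removes the repetition and closes the descriptor on every path. The enclosing method begins and ends outside the hunk.

```python
        # Windows configuration files, published under the /config alias
        for name in ("krb5.ini", "krb.con", "krbrealm.con"):
            contents = template_file(SHARE_DIR + name + ".template", self.sub_dict)
            out_fd = open("/usr/share/ipa/html/" + name, "w")
            try:
                out_fd.write(contents)
            finally:
                out_fd.close()

        # ... unchanged: populate the directory with the realm structure ...
```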
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index 2f9c82e0..2931b86d 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -6,7 +6,7 @@ ProxyRequests Off
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$$
-RewriteCond %{REQUEST_URI} !^/(errors)/
+RewriteCond %{REQUEST_URI} !^/(errors|config)/
RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
<Proxy *>
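Review bot: Adding `config` to the exemption in `RewriteCond %{REQUEST_URI} !^/(errors|config)/` means the generated Kerberos client files are served over plain HTTP with no redirect to port 443. Those files tell a client which host is its KDC and admin server, so a client that fetches them over an unauthenticated channel has no integrity guarantee on that choice. If the MIT Windows client can fetch over HTTPS, keep the condition as `!^/(errors)/` and publish the https URL. Otherwise add a comment such as `# /config is intentionally reachable over http: <reason>` so the exemption is a recorded decision.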
@@ -37,11 +37,13 @@ RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
# The URI's with a trailing ! are those that aren't handled by the proxy
ProxyPass /cgi-bin !
ProxyPass /errors !
+ProxyPass /config !
ProxyPass /ipa !
#ProxyPass /ipatest !
ProxyPass / http://localhost:8080/
ProxyPassReverse /cgi-bin !
ProxyPassReverse /errors !
+ProxyPassReverse /config !
ProxyPassReverse /ipa !
#ProxyPassReverse /ipatest !
ProxyPassReverse / http://localhost:8080/
@@ -50,6 +52,7 @@ ProxyPassReverse / http://localhost:8080/
Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC"
Alias /errors "/usr/share/ipa/html"
+Alias /config "/usr/share/ipa/html"
<Directory "/usr/share/ipa/ipaserver">
AuthType Kerberos
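Review bot: `Alias /config "/usr/share/ipa/html"` points at the same directory as `Alias /errors`, so everything placed in that directory, now or later, is published under both prefixes and, given the rewrite exemption earlier in this file, over plain HTTP. A dedicated directory for the generated client files (for example `Alias /config "/usr/share/ipa/config"`, with krbinstance.py writing there) would limit the unauthenticated surface to the three files meant to be public. The `<Directory>` block that follows continues outside the hunk, so whether an access rule covers the html directory is not visible here.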