Change references to authkrb plugin to authgssapi

With the switch to mod_auth_gssapi we aren't limited to only
negotiated Kerberos so name the plugin to reflect this.

https://fedorahosted.org/ipsilon/ticket/114

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

4 files changed, 43 insertions, 43 deletions

diff --git a/ipsilon/helpers/ipa.py b/ipsilon/helpers/ipa.py
index 2caddb3..5c01faa 100644
--- a/ipsilon/helpers/ipa.py
+++ b/ipsilon/helpers/ipa.py
@@ -93,10 +93,10 @@ class Installer(EnvHelpersInstaller):
                 raise Exception('No IPA tools found!')
 
         # Check if we already have a keytab for HTTP
-        if 'krb_httpd_keytab' in opts:
-            msg = "Searching for keytab in: %s" % opts['krb_httpd_keytab']
+        if 'gssapi_httpd_keytab' in opts:
+            msg = "Searching for keytab in: %s" % opts['gssapi_httpd_keytab']
             print >> sys.stdout, msg,
-            if os.path.exists(opts['krb_httpd_keytab']):
+            if os.path.exists(opts['gssapi_httpd_keytab']):
                 print >> sys.stdout, "... Found!"
                 return
             else:
@@ -105,7 +105,7 @@ class Installer(EnvHelpersInstaller):
         msg = "Searching for keytab in: %s" % HTTPD_IPA_KEYTAB
         print >> sys.stdout, msg,
         if os.path.exists(HTTPD_IPA_KEYTAB):
-            opts['krb_httpd_keytab'] = HTTPD_IPA_KEYTAB
+            opts['gssapi_httpd_keytab'] = HTTPD_IPA_KEYTAB
             print >> sys.stdout, "... Found!"
             return
         else:
@@ -167,11 +167,11 @@ class Installer(EnvHelpersInstaller):
 
         try:
             msg = "Trying to fetch keytab[%s] for %s" % (
-                  opts['krb_httpd_keytab'], princ)
+                  opts['gssapi_httpd_keytab'], princ)
             print >> sys.stdout, msg,
             subprocess.check_output([IPA_GETKEYTAB,
                                      '-s', server, '-p', princ,
-                                     '-k', opts['krb_httpd_keytab']],
+                                     '-k', opts['gssapi_httpd_keytab']],
                                     stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError, e:
             # unfortunately this one is fatal
@@ -182,12 +182,12 @@ class Installer(EnvHelpersInstaller):
 
         # Fixup permissions so only the ipsilon user can read these files
         pw = pwd.getpwnam(HTTPD_USER)
-        os.chown(opts['krb_httpd_keytab'], pw.pw_uid, pw.pw_gid)
+        os.chown(opts['gssapi_httpd_keytab'], pw.pw_uid, pw.pw_gid)
 
     def configure_server(self, opts):
         if opts['ipa'] != 'yes' and opts['ipa'] != 'auto':
             return
-        if opts['ipa'] != 'yes' and opts['krb'] == 'no':
+        if opts['ipa'] != 'yes' and opts['gssapi'] == 'no':
             return
 
         self.logger = logging.getLogger()
@@ -196,12 +196,12 @@ class Installer(EnvHelpersInstaller):
 
         self.get_keytab(opts)
 
-        # Forcibly use krb then pam modules
+        # Forcibly use gssapi then pam modules
         if 'lm_order' not in opts:
             opts['lm_order'] = []
-        opts['krb'] = 'yes'
-        if 'krb' not in opts['lm_order']:
-            opts['lm_order'].insert(0, 'krb')
+        opts['gssapi'] = 'yes'
+        if 'gssapi' not in opts['lm_order']:
+            opts['lm_order'].insert(0, 'gssapi')
         opts['form'] = 'yes'
         if not any(lm in opts['lm_order'] for lm in ('form', 'pam')):
             opts['lm_order'].append('form')
diff --git a/ipsilon/login/authgssapi.py b/ipsilon/login/authgssapi.py
index dbb531a..97c3834 100644
--- a/ipsilon/login/authgssapi.py
+++ b/ipsilon/login/authgssapi.py
@@ -24,7 +24,7 @@ import cherrypy
 import os
 
 
-class Krb(LoginPageBase):
+class GSSAPI(LoginPageBase):
 
     def root(self, *args, **kwargs):
         # Someone typed manually or a robot is walking th tree.
@@ -32,7 +32,7 @@ class Krb(LoginPageBase):
         return self.lm.redirect_to_path(self.lm.path)
 
 
-class KrbAuth(LoginPageBase):
+class GSSAPIAuth(LoginPageBase):
 
     def root(self, *args, **kwargs):
         trans = self.get_valid_transaction('login', **kwargs)
@@ -44,16 +44,16 @@ class KrbAuth(LoginPageBase):
         if not self.user.is_anonymous:
             principal = cherrypy.request.wsgi_environ.get('GSS_NAME', None)
             if principal:
-                userdata = {'krb_principal_name': principal}
+                userdata = {'gssapi_principal_name': principal}
             else:
-                userdata = {'krb_principal_name': self.user.name}
+                userdata = {'gssapi_principal_name': self.user.name}
             return self.lm.auth_successful(trans, self.user.name,
-                                           'krb', userdata)
+                                           'gssapi', userdata)
         else:
             return self.lm.auth_failed(trans)
 
 
-class KrbError(LoginPageBase):
+class GSSAPIError(LoginPageBase):
 
     def root(self, *args, **kwargs):
         cherrypy.log.error('REQUEST: %s' % cherrypy.request.headers)
@@ -68,8 +68,8 @@ class KrbError(LoginPageBase):
                 return next_login.page.root(*args, **kwargs)
 
             conturl = '%s/login' % self.basepath
-            return self._template('login/krb.html',
-                                  title='Kerberos Login',
+            return self._template('login/gssapi.html',
+                                  title='GSSAPI Login',
                                   cont=conturl)
 
         # If we get here, negotiate failed
@@ -81,25 +81,25 @@ class LoginManager(LoginManagerBase):
 
     def __init__(self, *args, **kwargs):
         super(LoginManager, self).__init__(*args, **kwargs)
-        self.name = 'krb'
-        self.path = 'krb/negotiate'
+        self.name = 'gssapi'
+        self.path = 'gssapi/negotiate'
         self.page = None
         self.description = """
-Kerberos Negotiate authentication plugin. Relies on the mod_auth_gssapi
+GSSAPI Negotiate authentication plugin. Relies on the mod_auth_gssapi
 apache plugin for actual authentication. """
         self.new_config(self.name)
 
     def get_tree(self, site):
-        self.page = Krb(site, self)
-        self.page.__dict__['negotiate'] = KrbAuth(site, self)
-        self.page.__dict__['unauthorized'] = KrbError(site, self)
-        self.page.__dict__['failed'] = KrbError(site, self)
+        self.page = GSSAPI(site, self)
+        self.page.__dict__['negotiate'] = GSSAPIAuth(site, self)
+        self.page.__dict__['unauthorized'] = GSSAPIError(site, self)
+        self.page.__dict__['failed'] = GSSAPIError(site, self)
         return self.page
 
 
 CONF_TEMPLATE = """
 
-<Location /${instance}/login/krb/negotiate>
+<Location /${instance}/login/gssapi/negotiate>
   AuthType GSSAPI
   AuthName "GSSAPI Single Sign On Login"
   $keytab
@@ -107,8 +107,8 @@ CONF_TEMPLATE = """
   GssapiLocalName on
   Require valid-user
 
-  ErrorDocument 401 /${instance}/login/krb/unauthorized
-  ErrorDocument 500 /${instance}/login/krb/failed
+  ErrorDocument 401 /${instance}/login/gssapi/unauthorized
+  ErrorDocument 500 /${instance}/login/gssapi/failed
 </Location>
 """
 
@@ -117,25 +117,25 @@ class Installer(LoginManagerInstaller):
 
     def __init__(self, *pargs):
         super(Installer, self).__init__()
-        self.name = 'krb'
+        self.name = 'gssapi'
         self.pargs = pargs
 
     def install_args(self, group):
-        group.add_argument('--krb', choices=['yes', 'no'], default='no',
-                           help='Configure Kerberos authentication')
-        group.add_argument('--krb-httpd-keytab',
+        group.add_argument('--gssapi', choices=['yes', 'no'], default='no',
+                           help='Configure GSSAPI authentication')
+        group.add_argument('--gssapi-httpd-keytab',
                            default='/etc/httpd/conf/http.keytab',
                            help='Kerberos keytab location for HTTPD')
 
     def configure(self, opts):
-        if opts['krb'] != 'yes':
+        if opts['gssapi'] != 'yes':
             return
 
         confopts = {'instance': opts['instance']}
 
-        if os.path.exists(opts['krb_httpd_keytab']):
+        if os.path.exists(opts['gssapi_httpd_keytab']):
             confopts['keytab'] = 'GssapiCredStore keytab:%s' % (
-                opts['krb_httpd_keytab'])
+                opts['gssapi_httpd_keytab'])
         else:
             raise Exception('Keytab not found')
 
@@ -151,14 +151,14 @@ class Installer(LoginManagerInstaller):
 
         # Add configuration data to database
         po = PluginObject(*self.pargs)
-        po.name = 'krb'
+        po.name = 'gssapi'
         po.wipe_data()
 
-        # Update global config, put 'krb' always first
+        # Update global config, put 'gssapi' always first
         ph = self.pargs[0]
         ph.refresh_enabled()
-        if 'krb' not in ph.enabled:
+        if 'gssapi' not in ph.enabled:
             enabled = []
             enabled.extend(ph.enabled)
-            enabled.insert(0, 'krb')
+            enabled.insert(0, 'gssapi')
             ph.save_enabled(enabled)
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index bdcb9b8..521e0c0 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -197,7 +197,7 @@ class AuthenticateRequest(ProviderPageBase):
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
             nameid = '_' + uuid.uuid4().hex
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
-            nameid = us.get_data('user', 'krb_principal_name')
+            nameid = us.get_data('user', 'gssapi_principal_name')
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
             nameid = us.get_user().email
             if not nameid:
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index cec3e88..a507c7e 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -433,7 +433,7 @@ class Installer(ProviderInstaller):
         validity = int(opts['saml2_metadata_validity'])
         meta = IdpMetadataGenerator(url, cert,
                                     timedelta(validity))
-        if 'krb' in opts and opts['krb'] == 'yes':
+        if 'gssapi' in opts and opts['gssapi'] == 'yes':
             meta.meta.add_allowed_name_format(
                 lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS)