diff options
author | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-14 17:19:02 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-09-14 17:19:02 -0400 |
commit | b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 (patch) | |
tree | ec8aede13ba1c8cee4c26589bec578a25a148893 /ipa-server/ipa-gui/ipagui/proxyprovider.py | |
parent | ed6ab17c9c703edb43c92a3205c5536771ce4d4f (diff) | |
download | freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.gz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.xz freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.zip |
Use ticket forwarding with TurboGears. mod_proxy forwards the principal
name and location of the keytab. In order for this keytab to be usable
TurboGears and Apache will need to run as the same user. We will also need
to listen only on localhost in TG.
Diffstat (limited to 'ipa-server/ipa-gui/ipagui/proxyprovider.py')
-rw-r--r-- | ipa-server/ipa-gui/ipagui/proxyprovider.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py index 12519880..cc9d9164 100644 --- a/ipa-server/ipa-gui/ipagui/proxyprovider.py +++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py @@ -1,6 +1,7 @@ from turbogears.identity.soprovider import * from turbogears.identity.visitor import * import logging +import os log = logging.getLogger("turbogears.identity") @@ -97,8 +98,10 @@ class ProxyIdentityProvider(SqlObjectIdentityProvider): def load_identity(self, visit_key): try: -# user_name= cherrypy.request.headers['X-FORWARDED-USER'] - user_name= "test@FREEIPA.ORG" + user_name= cherrypy.request.headers['X-FORWARDED-USER'] + os.environ["KRB5CCNAME"] = cherrypy.request.headers['X-FORWARDED-KEYTAB'] +# user_name = "test@FREEIPA.ORG" +# os.environ["KRB5CCNAME"] = "FILE:/tmp/krb5cc_500" except KeyError: return None set_login_attempted( True ) |