summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-gui/ipagui/proxyprovider.py
diff options
context:
space:
mode:
authorrcritten@redhat.com <rcritten@redhat.com>2007-09-14 17:19:02 -0400
committerrcritten@redhat.com <rcritten@redhat.com>2007-09-14 17:19:02 -0400
commitb85668579ec3fc69c2ed709533f8bd8d00e0e7e9 (patch)
treeec8aede13ba1c8cee4c26589bec578a25a148893 /ipa-server/ipa-gui/ipagui/proxyprovider.py
parented6ab17c9c703edb43c92a3205c5536771ce4d4f (diff)
downloadfreeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.gz
freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.tar.xz
freeipa-b85668579ec3fc69c2ed709533f8bd8d00e0e7e9.zip
Use ticket forwarding with TurboGears. mod_proxy forwards the principal
name and location of the keytab. In order for this keytab to be usable TurboGears and Apache will need to run as the same user. We will also need to listen only on localhost in TG.
Diffstat (limited to 'ipa-server/ipa-gui/ipagui/proxyprovider.py')
-rw-r--r--ipa-server/ipa-gui/ipagui/proxyprovider.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
index 12519880..cc9d9164 100644
--- a/ipa-server/ipa-gui/ipagui/proxyprovider.py
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -1,6 +1,7 @@
from turbogears.identity.soprovider import *
from turbogears.identity.visitor import *
import logging
+import os
log = logging.getLogger("turbogears.identity")
@@ -97,8 +98,10 @@ class ProxyIdentityProvider(SqlObjectIdentityProvider):
def load_identity(self, visit_key):
try:
-# user_name= cherrypy.request.headers['X-FORWARDED-USER']
- user_name= "test@FREEIPA.ORG"
+ user_name= cherrypy.request.headers['X-FORWARDED-USER']
+ os.environ["KRB5CCNAME"] = cherrypy.request.headers['X-FORWARDED-KEYTAB']
+# user_name = "test@FREEIPA.ORG"
+# os.environ["KRB5CCNAME"] = "FILE:/tmp/krb5cc_500"
except KeyError:
return None
set_login_attempted( True )