From c4b7b70636fb34e48fde0e740e690fe9c5cc13cc Mon Sep 17 00:00:00 2001
From: Jason Gerard DeRose <jderose@redhat.com>
Date: Mon, 26 Oct 2009 05:16:18 -0600
Subject: Add mod_python adapter and some UI tuning

---
 install/conf/ipa.conf | 53 ++++++++++++++++++++++++---------------------------
 1 file changed, 25 insertions(+), 28 deletions(-)

(limited to 'install/conf')

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 5ca13d37..032be20b 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -11,30 +11,6 @@ PythonImport ipaserver main_interpreter
 # This is required so the auto-configuration works with Firefox 2+
 AddType application/java-archive        jar
 
-<ProxyMatch ^.*/ipa/ui.*$$>
-  AuthType Kerberos
-  AuthName "Kerberos Login"
-  KrbMethodNegotiate on
-  KrbMethodK5Passwd off
-  KrbServiceName HTTP
-  KrbAuthRealms $REALM
-  Krb5KeyTab /etc/httpd/conf/ipa.keytab
-  KrbSaveCredentials on
-  Require valid-user
-  ErrorDocument 401 /ipa/errors/unauthorized.html
-  RewriteEngine on
-  Order deny,allow
-  Allow from all
-
-  RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
-
-  # RequestHeader unset Authorization
-</ProxyMatch>
-
-# The URI's with a trailing ! are those that aren't handled by the proxy
-ProxyPass /ipa/ui http://localhost:8080/ipa/ui
-ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui
-
 # This is where we redirect on failed auth
 Alias /ipa/errors "/usr/share/ipa/html"
 
@@ -44,7 +20,8 @@ Alias /ipa/config "/usr/share/ipa/html"
 # For CRL publishing
 Alias /ipa/crl "/var/lib/pki-ca/publish"
 
-<Location "/ipa/xml">
+
+<Location "/ipa">
   AuthType Kerberos
   AuthName "Kerberos Login"
   KrbMethodNegotiate on
@@ -55,19 +32,39 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   KrbSaveCredentials on
   Require valid-user
   ErrorDocument 401 /ipa/errors/unauthorized.html
+</Location>
 
+<Location "/ipa/xml">
   SetHandler python-program
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::xmlrpc
-
   PythonDebug Off
+  PythonOption IPADebug Off
+  PythonOption SCRIPT_NAME /ipa/xml
+  PythonAutoReload Off
+</Location>
 
+<Location "/ipa/json">
+  SetHandler python-program
+  PythonInterpreter main_interpreter
+  PythonHandler ipaserver::jsonrpc
+  PythonDebug Off
   PythonOption IPADebug Off
+  PythonOption SCRIPT_NAME /ipa/json
+  PythonAutoReload Off
+</Location>
 
-  # this is pointless to use since it would just reload ipaxmlrpc.py
+<Location "/ipa/ui">
+  SetHandler python-program
+  PythonInterpreter main_interpreter
+  PythonHandler ipaserver::webui
+  PythonDebug Off
+  PythonOption IPADebug Off
+  PythonOption SCRIPT_NAME /ipa/ui
   PythonAutoReload Off
 </Location>
 
+
 # Do no authentication on the directory that contains error messages
 <Directory "/usr/share/ipa/html">
   AllowOverride None
@@ -112,7 +109,7 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
 #
 #  SetHandler mod_python
 #  PythonHandler test_mod_python
-#  
+#
 #  PythonDebug Off
 #
 #</Directory>
-- 
cgit