From e40c583b12ed3d0b1db62154b7b0b84eed44ed6e Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 29 Oct 2007 12:00:48 -0400
Subject: Create configuration for MIT Windows kerberos client and install into http://hostname/config so users can point their MIT client at the IPA server and automatically fetch the configuration.
---
 ipa-server/ipa-install/share/Makefile.am | 3 +++
 ipa-server/ipa-install/share/krb.con.template | 2 ++
 ipa-server/ipa-install/share/krb5.ini.template | 19 +++++++++++++++++++
 ipa-server/ipa-install/share/krbrealm.con.template | 3 +++
 ipa-server/ipaserver/krbinstance.py | 16 ++++++++++++++++
 ipa-server/xmlrpc-server/ipa.conf | 5 ++++-
 6 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 ipa-server/ipa-install/share/krb.con.template
 create mode 100644 ipa-server/ipa-install/share/krb5.ini.template
 create mode 100644 ipa-server/ipa-install/share/krbrealm.con.template
diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am
index b8049e41..58198c2f 100644
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -12,6 +12,9 @@ app_DATA = \
 	certmap.conf.template \
 	kdc.conf.template \
 	krb5.conf.template \
+	krb5.ini.template \
+	krb.con.template \
+	krbrealm.con.template \
 	$(NULL)
 
 EXTRA_DIST = \
diff --git a/ipa-server/ipa-install/share/krb.con.template b/ipa-server/ipa-install/share/krb.con.template
new file mode 100644
index 00000000..d75a8f60
--- /dev/null
+++ b/ipa-server/ipa-install/share/krb.con.template
@@ -0,0 +1,2 @@
+$REALM $DOMAIN
+$REALM $DOMAIN admin server
diff --git a/ipa-server/ipa-install/share/krb5.ini.template b/ipa-server/ipa-install/share/krb5.ini.template
new file mode 100644
index 00000000..89f4a370
--- /dev/null
+++ b/ipa-server/ipa-install/share/krb5.ini.template
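Review bot: In krb.con.template the second field of each added line is substituted with `$DOMAIN`, while krb5.ini.template in this same patch uses `$FQDN` for `kdc` and `admin_server`; if this file follows the krb4-style `realm host [admin server]` layout, the lines should presumably read `$REALM $FQDN` and `$REALM $FQDN admin server` — confirm against the format the Windows client expects. krbrealm.con.template (the hunk on the next line) has the mirror-image inconsistency: it maps `.$REALM` and `$REALM` to `$REALM`, whereas krb5.ini's `[domain_realm]` maps `.$DOMAIN` and `$DOMAIN`, so `.$DOMAIN $REALM` is probably what was meant. All three templates are rendered from the same `self.sub_dict`, so a one-line header comment in each naming the expected field layout would make these substitutions reviewable.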
@@ -0,0 +1,19 @@
+[libdefaults]
+ default_realm = $REALM
+ krb4_config = /usr/kerberos/lib/krb.conf
+ krb4_realms = /usr/kerberos/lib/krb.realms
+ dns_lookup_kdc = true
+
+[realms]
+ $REALM = {
+  admin_server = $FQDN
+  kdc = $FQDN
+  default_domain = $REALM
+ }
+
+[domain_realm]
+ .$DOMAIN = $REALM
+ $DOMAIN = $REALM
+
+[logging]
+# kdc = CONSOLE
diff --git a/ipa-server/ipa-install/share/krbrealm.con.template b/ipa-server/ipa-install/share/krbrealm.con.template
new file mode 100644
index 00000000..c6781386
--- /dev/null
+++ b/ipa-server/ipa-install/share/krbrealm.con.template
@@ -0,0 +1,3 @@
+.$REALM $REALM
+.$REALM. $REALM
+$REALM $REALM
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 15242460..26de2b03 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -175,6 +175,22 @@ class KrbInstance:
         krb5_fd.write(krb5_conf)
         krb5_fd.close()
 
+        # Windows configuration files
+        krb5_ini = template_file(SHARE_DIR+"krb5.ini.template", self.sub_dict)
+        krb5_fd = open("/usr/share/ipa/html/krb5.ini", "w+")
+        krb5_fd.write(krb5_ini)
+        krb5_fd.close()
+
+        krb_con = template_file(SHARE_DIR+"krb.con.template", self.sub_dict)
+        krb_fd = open("/usr/share/ipa/html/krb.con", "w+")
+        krb_fd.write(krb_con)
+        krb_fd.close()
+
+        krb_realm = template_file(SHARE_DIR+"krbrealm.con.template", self.sub_dict)
+        krb_fd = open("/usr/share/ipa/html/krbrealm.con", "w+")
+        krb_fd.write(krb_realm)
+        krb_fd.close()
+
         #populate the directory with the realm structure
         args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
         try:
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index 2f9c82e0..2931b86d 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
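Review bot: `default_domain = $REALM` in the `[realms]` block of krb5.ini.template looks wrong: `default_domain` is the DNS domain appended to unqualified host names, which the same template spells `$DOMAIN` in `[domain_realm]`, so the line should presumably be `default_domain = $DOMAIN`. The `krb4_config` and `krb4_realms` entries point at Unix paths under `/usr/kerberos/lib/` in a file meant for Windows clients; if the client treats them specially that deserves a comment in the template, otherwise they read as leftovers from krb5.conf.template. `dns_lookup_kdc = true` next to an explicit `kdc = $FQDN` also lets the client honour DNS SRV records for the realm; if that is intended, a short comment saying so keeps the next reader from removing one or the other.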
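Review bot: The three new write blocks in KrbInstance (from `# Windows configuration files` on) open each target with mode `"w+"` and never close it if `write` raises, so a failure part-way leaks the descriptor and leaves a truncated file in the web root; `"w"` is sufficient because nothing reads the handle back. The same render-open-write-close sequence now appears four times in a row (counting the krb5.conf block just above the hunk), so a loop over (template, target) pairs with a `try`/`finally` fixes the leak in one place; the enclosing method starts before this hunk. Since the targets live under `/usr/share/ipa/html` and are served to anonymous clients, a comment stating that they intentionally contain only realm, domain and host names would document why publishing them is acceptable.
```python
        # Windows configuration files, published by the web server; they
        # carry only realm/domain/host names, no secrets
        for template, target in (("krb5.ini.template", "krb5.ini"),
                                 ("krb.con.template", "krb.con"),
                                 ("krbrealm.con.template", "krbrealm.con")):
            rendered = template_file(SHARE_DIR + template, self.sub_dict)
            fd = open("/usr/share/ipa/html/" + target, "w")
            try:
                fd.write(rendered)
            finally:
                fd.close()
        # … unchanged: kdb5_ldap_util invocation …
```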
@@ -6,7 +6,7 @@ ProxyRequests Off
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$$
-RewriteCond %{REQUEST_URI} !^/(errors)/
+RewriteCond %{REQUEST_URI} !^/(errors|config)/
 RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
@@ -37,11 +37,13 @@ RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
 # The URI's with a trailing ! are those that aren't handled by the proxy
 ProxyPass /cgi-bin !
 ProxyPass /errors !
+ProxyPass /config !
 ProxyPass /ipa !
 #ProxyPass /ipatest !
 ProxyPass / http://localhost:8080/
 ProxyPassReverse /cgi-bin !
 ProxyPassReverse /errors !
+ProxyPassReverse /config !
 ProxyPassReverse /ipa !
 #ProxyPassReverse /ipatest !
 ProxyPassReverse / http://localhost:8080/
@@ -50,6 +52,7 @@ ProxyPassReverse / http://localhost:8080/
 Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC"
 Alias /errors "/usr/share/ipa/html"
+Alias /config "/usr/share/ipa/html"
 AuthType Kerberos
-- cgit
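Review bot: The first hunk exempts `/config` from the HTTPS rewrite, so `krb5.ini`, `krb.con` and `krbrealm.con` are fetched over plain HTTP and nothing authenticates the `kdc`/`admin_server` values a client then imports; if the Windows client can fetch over HTTPS, the `RewriteCond %{REQUEST_URI} !^/(errors|config)/` change should be dropped, and if it cannot, the reason belongs in a comment next to that line. In the last hunk, `Alias /config "/usr/share/ipa/html"` points at the same directory as `Alias /errors`, so everything placed in that directory becomes reachable under both prefixes; if it holds anything beyond the error pages and these three files, a dedicated `/usr/share/ipa/html/config` subdirectory (with matching write paths in krbinstance.py) would limit what `/config` exposes. The `ProxyPass`/`ProxyPassReverse /config !` lines in the middle hunk are consistent with the existing `/errors` entries and need no change.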