diff options
Diffstat (limited to 'install/conf')
-rw-r--r-- | install/conf/ipa.conf | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 676086a90..cd806be7d 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -44,8 +44,8 @@ WSGIScriptReloading Off KrbConstrainedDelegationLock ipa -# Protect UI login url with Kerberos -<Location "/ipa/login"> +# Protect /ipa and everything below it in webspace with Apache Kerberos auth +<Location "/ipa"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on @@ -59,22 +59,13 @@ KrbConstrainedDelegationLock ipa ErrorDocument 401 /ipa/errors/unauthorized.html </Location> -# Protect xmlrpc url with Kerberos -<Location "/ipa/xml"> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - KrbConstrainedDelegation on - Require valid-user - ErrorDocument 401 /ipa/errors/unauthorized.html +# Turn off Apache authentication for sessions +<Location "/ipa/session"> + Satisfy Any + Order Deny,Allow + Allow from all </Location> - # This is where we redirect on failed auth Alias /ipa/errors "/usr/share/ipa/html" |