diff options
| author | Petr Vobornik <pvoborni@redhat.com> | 2012-10-04 17:08:17 +0200 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2012-10-17 10:52:00 +0200 |
| commit | 88498533d1e163731bdfaacbdf396b2624f18430 (patch) | |
| tree | 515dbe50994f06d23d25a983df348f2194c23508 /install | |
| parent | 631a00127706e0761023f6048c9b2a0fa08c99f6 (diff) | |
| download | freeipa.git-88498533d1e163731bdfaacbdf396b2624f18430.tar.gz freeipa.git-88498533d1e163731bdfaacbdf396b2624f18430.tar.xz freeipa.git-88498533d1e163731bdfaacbdf396b2624f18430.zip | |
Build and installation of Kerberos authentication extension
This patch is adding a build of kerberosauth.xpi (FF Kerberos authentication extension).
Currently the build is done in install phase of FreeIPA server. It is to allow signing of the extension by singing certificate. The signing might not be necessary because the only outcome is that in extension installation FF doesn't show that the maker is not verified. It shows text: 'Object signing cert'. This might be a bug in httpinstance.py:262(db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)) The value is in place of hostname parameter.
If the extension is not signed, it can be created in rpm build phase, which should make upgrades easier. Current implementation doesn't handle upgrades yet.
In order to keep extension and config pages not dependent on a realm, a krb.js.teplate file was created. This template is used for creating a /usr/share/ipa/html/krb.js file in install phase which holds FreeIPA's realm and domain information. This information can be then used by config pages by importing this file.
Ticket: https://fedorahosted.org/freeipa/ticket/3094
Diffstat (limited to 'install')
| -rw-r--r-- | install/share/Makefile.am | 1 | ||||
| -rw-r--r-- | install/share/krb.js.template | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-install | 2 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-prepare | 2 |
4 files changed, 7 insertions, 0 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 31e4455d..ed3b95f9 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -30,6 +30,7 @@ app_DATA = \ krb5.conf.template \ krb5.ini.template \ krb.con.template \ + krb.js.template \ krbrealm.con.template \ preferences.html.template \ referint-conf.ldif \ diff --git a/install/share/krb.js.template b/install/share/krb.js.template new file mode 100644 index 00000000..e7ea0559 --- /dev/null +++ b/install/share/krb.js.template @@ -0,0 +1,2 @@ +var IPA_REALM = "$REALM"; +var IPA_DOMAIN = "$DOMAIN";
\ No newline at end of file diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 07b1781e..0d6da537 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -196,6 +196,8 @@ def install_http(config, auto_redirect): try: shutil.copy(config.dir + "/preferences.html", "/usr/share/ipa/html/preferences.html") shutil.copy(config.dir + "/configure.jar", "/usr/share/ipa/html/configure.jar") + shutil.copy(config.dir + "/krb.js", "/usr/share/ipa/html/krb.js") + shutil.copy(config.dir + "/kerberosauth.xpi", "/usr/share/ipa/html/kerberosauth.xpi") except Exception, e: print "error copying files: " + str(e) sys.exit(1) diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index c54aa62b..7bfa5533 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -217,6 +217,8 @@ def copy_files(realm_name, dir): try: shutil.copy("/usr/share/ipa/html/ca.crt", dir + "/ca.crt") if ipautil.file_exists("/usr/share/ipa/html/preferences.html"): + shutil.copy("/usr/share/ipa/html/krb.js", dir + "/krb.js") + shutil.copy("/usr/share/ipa/html/kerberosauth.xpi", dir + "/kerberosauth.xpi") shutil.copy("/usr/share/ipa/html/preferences.html", dir + "/preferences.html") shutil.copy("/usr/share/ipa/html/configure.jar", dir + "/configure.jar") if ipautil.file_exists("/var/kerberos/krb5kdc/cacert.pem"): |