diff options
Diffstat (limited to 'install')
| -rw-r--r-- | install/conf/ipa.conf | 23 | ||||
| -rw-r--r-- | install/share/wsgi.py | 3 | ||||
| -rw-r--r-- | install/ui/ipa.js | 3 |
3 files changed, 11 insertions, 18 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 676086a9..cd806be7 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -44,8 +44,8 @@ WSGIScriptReloading Off KrbConstrainedDelegationLock ipa -# Protect UI login url with Kerberos -<Location "/ipa/login"> +# Protect /ipa and everything below it in webspace with Apache Kerberos auth +<Location "/ipa"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on @@ -59,22 +59,13 @@ KrbConstrainedDelegationLock ipa ErrorDocument 401 /ipa/errors/unauthorized.html </Location> -# Protect xmlrpc url with Kerberos -<Location "/ipa/xml"> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - KrbConstrainedDelegation on - Require valid-user - ErrorDocument 401 /ipa/errors/unauthorized.html +# Turn off Apache authentication for sessions +<Location "/ipa/session"> + Satisfy Any + Order Deny,Allow + Allow from all </Location> - # This is where we redirect on failed auth Alias /ipa/errors "/usr/share/ipa/html" diff --git a/install/share/wsgi.py b/install/share/wsgi.py index b61b919d..9f7d3f48 100644 --- a/install/share/wsgi.py +++ b/install/share/wsgi.py @@ -1,6 +1,7 @@ # Authors: # Rob Crittenden <rcritten@redhat.com> # Jason Gerard DeRose <jderose@redhat.com> +# John Dennis <jdennis@redhat.com> # # Copyright (C) 2010 Red Hat # see file 'COPYING' for use and warranty information @@ -45,6 +46,6 @@ else: # This is the WSGI callable: def application(environ, start_response): if not environ['wsgi.multithread']: - return api.Backend.session(environ, start_response) + return api.Backend.wsgi_dispatch(environ, start_response) else: api.log.error("IPA does not work with the threaded MPM, use the pre-fork MPM") diff --git a/install/ui/ipa.js b/install/ui/ipa.js index 82e89204..a599f6a8 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -3,6 +3,7 @@ * Pavel Zuna <pzuna@redhat.com> * Adam Young <ayoung@redhat.com> * Endi Dewata <edewata@redhat.com> + * John Dennis <jdennis@redhat.com> * * Copyright (C) 2010 Red Hat * see file 'COPYING' for use and warranty information @@ -58,7 +59,7 @@ var IPA = function() { // if current path matches live server path, use live data if (that.url && window.location.pathname.substring(0, that.url.length) === that.url) { - that.json_url = params.url || '/ipa/json'; + that.json_url = params.url || '/ipa/session/json'; that.login_url = params.url || '/ipa/login'; } else { // otherwise use fixtures |