diff options
Diffstat (limited to 'ipa-server/xmlrpc-server/test/README')
| -rw-r--r-- | ipa-server/xmlrpc-server/test/README | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/ipa-server/xmlrpc-server/test/README b/ipa-server/xmlrpc-server/test/README deleted file mode 100644 index 544efa52..00000000 --- a/ipa-server/xmlrpc-server/test/README +++ /dev/null @@ -1,60 +0,0 @@ -Diagnosing Kerberos credentials cache problems is difficult. - -The first thing to try is to set LogLevel to debug in -/etc/httpd/conf/httpd.conf and restart Apache. - -Look in /var/log/httpd/error_log for any problems. - -Also check out /var/log/krb5kdc.log - -To simplify things and test just Kerberos ticket forwarding: - -The first test is with a CGI: - -- copy test.py /var/www/cgi-bin -- chmod +x /var/www/cgi-bin/test.py -- kinit admin (or some other existing user) -- curl -u : --negotiate http://yourhost.fqdn/cgi-bin/test.py - -For yourhost.fqdn use the fully-qualified hostname of your webserver. - -The output should look something like: - -KRB5CCNAME is FILE:/tmp/krb5cc_apache_TiMAbq -Sucessfully bound to LDAP using SASL mechanism GSSAPI - -This CGI uses the forwarded credentials to make an authenticated LDAP -connection. If this fails it means that Apache is not properly storing -the kerberos credentials. - -If that works, the second test more closely models the way that IPA works. - -- mkdir /usr/share/ipa/ipatest -- cp test_mod_python.py /usr/share/ipa/ipatest -- uncomment the entries for ipatest in /etc/httpd/conf.d/ipa.conf. There are - entries for ProxyPass and ProxyReversePass, an Alias and a Directory -- restart Apache -- curl -u : --negotiate http://yourhost.fqdn/ipatest/ - -For yourhost.fqdn use the fully-qualified hostname of your webserver. - -The output should look something like: - -KRB5CCNAME: FILE:/tmp/krb5cc_apache_c0MU9o<br> -GATEWAY_INTERFACE: CGI/1.1<br> -... -SCRIPT_FILENAME: /usr/share/ipa/ipaserver/<br> -REMOTE_PORT: 45691<br> -REMOTE_USER: rcrit@GREYOAK.COM<br> -AUTH_TYPE: Negotiate<br> -KRB5CCNAME is FILE:/tmp/krb5cc_apache_c0MU9o<br> -Sucessfully bound to LDAP using SASL mechanism GSSAPI<br> - -It should print all of the environment variables available to mod_python -and do a GSSAPI LDAP connection. - -A final test, which lists the capabilities of the XML-RPC server is -test_methods.py. This is more a sanity check that new functions added -to the server work as expected. - -Note that opts is added by the server itself and is not passed in by the user. |