diff options
Diffstat (limited to 'ipa-server/xmlrpc-server')
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa-rewrite.conf | 19 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 109 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ssbrowser.html | 68 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/unauthorized.html | 28 |
4 files changed, 0 insertions, 224 deletions
diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf deleted file mode 100644 index ef494300..00000000 --- a/ipa-server/xmlrpc-server/ipa-rewrite.conf +++ /dev/null @@ -1,19 +0,0 @@ -# VERSION 2 - DO NOT REMOVE THIS LINE - -RewriteEngine on - -# By default forward all requests to /ipa. If you don't want IPA -# to be the default on your web server comment this line out. You will -# need to modify ipa_webgui.cfg as well. -RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301] - -# Redirect to the fully-qualified hostname. Not redirecting to secure -# port so configuration files can be retrieved without requiring SSL. -RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC] -RewriteRule ^/ipa/(.*) http://$FQDN/ipa/$$1 [L,R=301] - -# Redirect to the secure port if not displaying an error or retrieving -# configuration. -RewriteCond %{SERVER_PORT} !^443$$ -RewriteCond %{REQUEST_URI} !^/ipa/(errors|config) -RewriteRule ^/ipa/(.*) https://$FQDN/ipa/$$1 [L,R=301,NC] diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf deleted file mode 100644 index 85b4543a..00000000 --- a/ipa-server/xmlrpc-server/ipa.conf +++ /dev/null @@ -1,109 +0,0 @@ -# -# VERSION 2 - DO NOT REMOVE THIS LINE -# -# LoadModule auth_kerb_module modules/mod_auth_kerb.so - -ProxyRequests Off - -# ipa-rewrite.conf is loaded separately - -# This is required so the auto-configuration works with Firefox 2+ -AddType application/java-archive jar - -<ProxyMatch ^.*/ipa/ui.*$$> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - Require valid-user - ErrorDocument 401 /ipa/errors/unauthorized.html - RewriteEngine on - Order deny,allow - Allow from all - - RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e - - # RequestHeader unset Authorization -</ProxyMatch> - -# The URI's with a trailing ! are those that aren't handled by the proxy -ProxyPass /ipa/ui http://localhost:8080/ipa/ui -ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui - -# Configure the XML-RPC service -Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC" - -# This is where we redirect on failed auth -Alias /ipa/errors "/usr/share/ipa/html" - -# For the MIT Windows config files -Alias /ipa/config "/usr/share/ipa/html" - -<Directory "/usr/share/ipa/ipaserver"> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - Require valid-user - ErrorDocument 401 /ipa/errors/unauthorized.html - - SetHandler mod_python - PythonHandler ipaxmlrpc - - PythonDebug Off - - PythonOption IPADebug Off - - # this is pointless to use since it would just reload ipaxmlrpc.py - PythonAutoReload Off -</Directory> - -# Do no authentication on the directory that contains error messages -<Directory "/usr/share/ipa/html"> - AllowOverride None - Satisfy Any - Allow from all -</Directory> - -# Protect our CGIs -<Directory /var/www/cgi-bin> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - Require valid-user - ErrorDocument 401 /ipa/errors/unauthorized.html -</Directory> - -#Alias /ipatest "/usr/share/ipa/ipatest" - -#<Directory "/usr/share/ipa/ipatest"> -# AuthType Kerberos -# AuthName "Kerberos Login" -# KrbMethodNegotiate on -# KrbMethodK5Passwd off -# KrbServiceName HTTP -# KrbAuthRealms $REALM -# Krb5KeyTab /etc/httpd/conf/ipa.keytab -# KrbSaveCredentials on -# Require valid-user -# ErrorDocument 401 /ipa/errors/unauthorized.html -# -# SetHandler mod_python -# PythonHandler test_mod_python -# -# PythonDebug Off -# -#</Directory> diff --git a/ipa-server/xmlrpc-server/ssbrowser.html b/ipa-server/xmlrpc-server/ssbrowser.html deleted file mode 100644 index 37dbcb40..00000000 --- a/ipa-server/xmlrpc-server/ssbrowser.html +++ /dev/null @@ -1,68 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html> -<head> -<title>Browser Kerberos Setup</title> -</head> -<body> - <h2>Browser Kerberos Setup</h2> - <h3> Internet Explorer Configuration </h3> -<p>Once you are able to log into the workstation with your kerberos key you should be able to use that ticket in Internet Explorer. For illustration purposes his page will use EXAMPLE.COM as the sample realm and example.com for the domain. -</p> -<ul><li> Login to the Windows machine using an account of domain EXAMPLE.COM - -</li><li> In Internet Explorer, click Tools, and then click Internet Options. -</li></ul> -<ol><li> Click the Security tab. -</li><li> Click Local intranet. -</li><li> Click Sites -</li><li> Click Advanced -</li><li> Add *.example.com to the list - -</li></ol> -<ul><li> In Internet Explorer, click Tools, and then click Internet Options. -</li></ul> -<ol><li> Click the Security tab. -</li><li> Click Local intranet. -</li><li> Click Custom Level -</li><li> Select Automatic logon only in Intranet zone. -</li></ol> -<ul><li> Visit a kerberized web site using IE. You must use the fully-qualified DN in the URL. -</li><li> If all went right, it should work. - -</li></ul> -<h3 class="title">Firefox Configuration</h3> -<p> -You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <span class="abbrev">KDC</span>.The following section describes the configuration changes and other requirements to achieve this. -</p> -<ol class="arabic"> -<li> -<p> -In the address bar of Firefox, type <b class="userinput"><tt>about:config</tt></b> to display the list of current configuration options. -</p> -</li> - -<li> -<p> -In the <span><b class="guilabel">Filter</b></span> field, type <b class="userinput"><tt>negotiate</tt></b> to restrict the list of options. -</p> -</li> -<li> -<p> -Double-click the <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> entry to display the <span class="emphasis"><em>Enter string value</em></span> dialog box. - -</p> -</li> -<li> -<p> -Enter the name of the domain against which you want to authenticate, for example, <i class="replaceable"><tt>.example.com</tt></i>. -</p> -</li> -<li> -<p> -Repeat the above procedure for the <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> entry, using the same domain. -</p> -</li> - -</ol> -</body> -</html> diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html deleted file mode 100644 index 6ba8a99e..00000000 --- a/ipa-server/xmlrpc-server/unauthorized.html +++ /dev/null @@ -1,28 +0,0 @@ -<html> -<title>Kerberos Authentication Failed</h2> -<body> -<h2>Kerberos Authentication Failed</h2> -<p> -Unable to verify your Kerberos credentials. Please make sure -that you have valid Kerberos tickets (obtainable via kinit), and that you -have <a href="/ipa/errors/ssbrowser.html">configured your -browser correctly</a>. If you are still unable to access -the IPA Web interface, please contact the helpdesk on for additional assistance. -</p> -<p> -Import the <a href="/ipa/errors/ca.crt">IPA Certificate Authority</a>. -</p> -<p> -<script type="text/javascript"> - if (navigator.userAgent.indexOf("Firefox") != -1 || - navigator.userAgent.indexOf("SeaMonkey") != -1) - { - document.write("<p>You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.</p>"); - document.write("<p>You <strong>must</strong> reload this page after importing the Certificate Authority for the automatic settings to work</p>"); - document.write("<object data=\"jar:/ipa/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object"); - } -</script> -</p> -</ul> -</body> -</html> |