.git, branch gssapi_test Unnamed repository; edit this file 'description' to name the repository. Pull the GSSAPI principal out of the userattrs 2015-05-06T20:00:24+00:00 Rob Crittenden rcritten@redhat.com 2015-05-05T16:37:31+00:00 dd6432197b3da4be32dd00c84bfe413ac04a802d This was originally getting the principal from the user object itself which meant it was looking for it in the database. Look in the attributes instead which are stored in the user session. Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
This was originally getting the principal from the
user object itself which meant it was looking for
it in the database. Look in the attributes instead
which are stored in the user session.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Enable Kerberos NameID testing in testnameid 2015-05-06T20:00:24+00:00 Rob Crittenden rcritten@redhat.com 2015-05-05T15:27:14+00:00 b8ba1b440e0ddee478ed14480e608a2cfde10c7a Since there is now an easy way to stand up a KDC in the tests go ahead and enable it so the Kerberos NameID can be tested. Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
Since there is now an easy way to stand up a KDC in the
tests go ahead and enable it so the Kerberos NameID can be
tested.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Configure a KDC, add test for GSSAPI/Kerberos 2015-05-06T20:00:24+00:00 Rob Crittenden rcritten@redhat.com 2015-04-28T14:52:55+00:00 9cbeccde3151029d70bedb0579482e10a5cbab7b Using nss_wrappers so we can control host names we can setup a KDC and test GSSAPI, including fallback to forms-based auth. This also means that fetch_page() needs to handle 401 a bit better, so it can re-try a failed authentication or fall back to forms-based auth. Note for posterity: if gss_localname() fails this is likely due to using the wrong krb5.conf in Apache, so pass in all environment variables. The KDC setup code was based heavily on the tests in the gssproxy project. https://fedorahosted.org/ipsilon/ticket/116 Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
Using nss_wrappers so we can control host names we can
setup a KDC and test GSSAPI, including fallback to
forms-based auth.

This also means that fetch_page() needs to handle 401
a bit better, so it can re-try a failed authentication or
fall back to forms-based auth.

Note for posterity: if gss_localname() fails this is likely
due to using the wrong krb5.conf in Apache, so pass in all
environment variables.

The KDC setup code was based heavily on the tests in the
gssproxy project.

https://fedorahosted.org/ipsilon/ticket/116

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
SSSD info plugin is immutable if not preconfigured 2015-05-06T19:18:31+00:00 Simo Sorce simo@redhat.com 2015-05-06T15:47:46+00:00 e6a3656ab71faea8669af50ceeaf4d9a91fe0142 The SSSD info plugin configures SSSD and modules in Apache as root during installation. This cannot be done in the UI so we must not allow users to modify the state if it was not "preconfigured" during install. If it has been configured then users are allowed to enable/disable the plugin. This is controlled by a value stored in the info_config table, preconfigured. The plugin configuration is hidden from the UI by overridding the get_config_object() method. https://fedorahosted.org/ipsilon/ticket/111 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
The SSSD info plugin configures SSSD and modules in
Apache as root during installation. This cannot be
done in the UI so we must not allow users to modify
the state if it was not "preconfigured" during
install.

If it has been configured then users are allowed
to enable/disable the plugin.

This is controlled by a value stored in the
info_config table, preconfigured.

The plugin configuration is hidden from the UI by
overridding the get_config_object() method.

https://fedorahosted.org/ipsilon/ticket/111

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Drop usage of self._debug and use self.debug instead 2015-05-05T18:32:24+00:00 Rob Crittenden rcritten@redhat.com 2015-04-29T17:57:34+00:00 158c4cdefc0bd5b8dabe38685c1bebccc24d656b This method was deprecated but still used in a lot of places. https://fedorahosted.org/ipsilon/ticket/120 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This method was deprecated but still used in a lot of places.

https://fedorahosted.org/ipsilon/ticket/120

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix lint issues with loginstack changes 2015-04-29T18:27:30+00:00 Rob Crittenden rcritten@redhat.com 2015-04-29T18:13:25+00:00 f54958e7101614a64d2dceb18b46d68a88130506 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merge the login and info plugins configurations 2015-04-29T17:30:04+00:00 Simo Sorce simo@redhat.com 2015-03-31T20:35:15+00:00 99b52607ee7ab82cc2b166f99c077ee53375fe1a Having separate login and info plugins configuration pages doesn't really make a lot of sense. As a first step moving towards login stacks put login and info plugin configuration into a common "Login Stack" menu item. https://fedorahosted.org/ipsilon/ticket/117 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Having separate login and info plugins configuration pages doesn't
really make a lot of sense. As a first step moving towards login stacks
put login and info plugin configuration into a common "Login Stack"
menu item.

https://fedorahosted.org/ipsilon/ticket/117

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Change references to authkrb plugin to authgssapi 2015-04-28T21:30:07+00:00 Rob Crittenden rcritten@redhat.com 2015-04-28T19:16:54+00:00 68b9e1d3138784c3793f0a04c411f14168748692 With the switch to mod_auth_gssapi we aren't limited to only negotiated Kerberos so name the plugin to reflect this. https://fedorahosted.org/ipsilon/ticket/114 Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
With the switch to mod_auth_gssapi we aren't limited to only
negotiated Kerberos so name the plugin to reflect this.

https://fedorahosted.org/ipsilon/ticket/114

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Rename authkrb plugin to authgssapi 2015-04-28T21:30:03+00:00 Rob Crittenden rcritten@redhat.com 2015-04-28T19:15:39+00:00 32863be5e39b0d031fafebe7391180d29967fa50 https://fedorahosted.org/ipsilon/ticket/114 Signed-off-by: Rob Crittenden <rcritten@redhat.com> 
https://fedorahosted.org/ipsilon/ticket/114

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Insert a small timeout before reporting the test successful 2015-04-28T19:50:28+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-04-28T18:26:40+00:00 f1ecda1fe05e3f7d5c0a1a5d33d11c619442416f This is so the OS gets enough time to clean up all of the sockets used during the execution of the test. Without this, sometimes a "port already in use" error will fail the next test. Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
This is so the OS gets enough time to clean up all
of the sockets used during the execution of the test.
Without this, sometimes a "port already in use" error
will fail the next test.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>