diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-04-28 10:52:55 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-05-07 10:44:45 -0400 |
commit | b34a4553cf8c60453fbef245d7d844a30339c734 (patch) | |
tree | 8125ac3a49605a61ee9d5e16896af1a96e41820d /tests/httpd.conf | |
parent | aa5dc3b417db962a075a092d0d3528010c1059f7 (diff) | |
download | ipsilon.git-b34a4553cf8c60453fbef245d7d844a30339c734.tar.gz ipsilon.git-b34a4553cf8c60453fbef245d7d844a30339c734.tar.xz ipsilon.git-b34a4553cf8c60453fbef245d7d844a30339c734.zip |
Configure a KDC, add test for GSSAPI/Kerberos
Using nss_wrappers so we can control host names we can
setup a KDC and test GSSAPI, including fallback to
forms-based auth.
This also means that fetch_page() needs to handle 401
a bit better, so it can re-try a failed authentication or
fall back to forms-based auth.
Note for posterity: if gss_localname() fails this is likely
due to using the wrong krb5.conf in Apache, so pass in all
environment variables.
The KDC setup code was based heavily on the tests in the
gssproxy project.
https://fedorahosted.org/ipsilon/ticket/116
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'tests/httpd.conf')
-rw-r--r-- | tests/httpd.conf | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tests/httpd.conf b/tests/httpd.conf index a326523..94551c3 100644 --- a/tests/httpd.conf +++ b/tests/httpd.conf @@ -1,5 +1,5 @@ ServerRoot "${HTTPROOT}" -ServerName localhost +ServerName idp.ipsilon.dev Listen ${HTTPADDR}:${HTTPPORT} LoadModule access_compat_module modules/mod_access_compat.so @@ -63,8 +63,10 @@ LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule wsgi_module modules/mod_wsgi.so +LoadModule auth_gssapi_module modules/mod_auth_gssapi.so LoadModule auth_mellon_module modules/mod_auth_mellon.so + <Directory /> AllowOverride none Require all denied |