Diffstat (limited to 'install/conf')
-rw-r--r--install/conf/Makefile.am1
-rw-r--r--install/conf/ipa-kdc-proxy.conf.template30
-rw-r--r--install/conf/ipa.conf6
3 files changed, 34 insertions, 3 deletions
diff --git a/install/conf/Makefile.am b/install/conf/Makefile.am
index 65e25bc94..5daac776f 100644
--- a/install/conf/Makefile.am
+++ b/install/conf/Makefile.am
@@ -3,6 +3,7 @@ NULL =
appdir = $(IPA_DATA_DIR)
app_DATA = \
ipa.conf \
+ ipa-kdc-proxy.conf.template \
ipa-pki-proxy.conf \
ipa-rewrite.conf \
$(NULL)
diff --git a/install/conf/ipa-kdc-proxy.conf.template b/install/conf/ipa-kdc-proxy.conf.template
new file mode 100644
index 000000000..9290cebba
--- /dev/null
+++ b/install/conf/ipa-kdc-proxy.conf.template
@@ -0,0 +1,30 @@
+# Kerberos over HTTP / MS-KKDCP support (Kerberos KDC Proxy)
+#
+# The symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/ is maintained
+# by the ExecStartPre script /usr/libexec/ipa/ipa-httpd-kdcproxy in
+# httpd.service. The service also sets the environment variable
+# KDCPROXY_CONFIG to $KDCPROXY_CONFIG.
+#
+# Disable KDC Proxy on the current host:
+# # ipa-ldap-updater /usr/share/ipa/kdcproxy-disable.uldif
+# # systemctl restart httpd.service
+#
+# Enable KDC Proxy on the current host:
+# # ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
+# # systemctl restart httpd.service
+#
+
+WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \
+ user=kdcproxy group=kdcproxy display-name=%{GROUP}
+WSGIImportScript /usr/lib/python2.7/site-packages/kdcproxy/__init__.py \
+ process-group=kdcproxy application-group=kdcproxy
+WSGIScriptAlias /KdcProxy /usr/lib/python2.7/site-packages/kdcproxy/__init__.py
+WSGIScriptReloading Off
+
+<Location "/KdcProxy">
+ Satisfy Any
+ Order Deny,Allow
+ Allow from all
+ WSGIProcessGroup kdcproxy
+ WSGIApplicationGroup kdcproxy
+</Location>
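Review bot: The `<Location "/KdcProxy">` block opens the endpoint to every client without authentication (`Satisfy Any`, `Allow from all`), but nothing in this file restricts it to TLS. MS-KKDCP has to be reachable before the client holds a ticket, so the open access looks intentional, but it should be stated in a comment and paired with `SSLRequireSSL` inside the Location, unless a vhost-level rule outside this diff already forces HTTPS. I would add `# Unauthenticated by design (clients have no ticket yet); must only be served over HTTPS` above the block. Separately, the `WSGIImportScript` and `WSGIScriptAlias` lines hard-code `/usr/lib/python2.7/site-packages`; since the header comment already uses `$KDCPROXY_CONFIG` as a substitution, the package path could be substituted the same way so it does not silently break on another Python version or libdir.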
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 57de2f1a9..e2b602c85 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -41,9 +41,7 @@ WSGISocketPrefix /run/httpd/wsgi
# Configure mod_wsgi handler for /ipa
-WSGIDaemonProcess ipa processes=2 threads=1 maximum-requests=500
-WSGIProcessGroup ipa
-WSGIApplicationGroup ipa
+WSGIDaemonProcess ipa processes=2 threads=1 maximum-requests=500 display-name=%{GROUP}
WSGIImportScript /usr/share/ipa/wsgi.py process-group=ipa application-group=ipa
WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py
WSGIScriptReloading Off
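Review bot: With `WSGIProcessGroup ipa` and `WSGIApplicationGroup ipa` removed from server scope here, any request for the `/ipa` script alias that is not matched by a container carrying those directives would presumably run in mod_wsgi's embedded mode, inside the httpd worker processes rather than the `ipa` daemon. The later hunk re-adds the two directives inside a `<Location>` whose opening line is outside the visible diff, so please confirm that it is the one covering `/ipa`. Binding the group on the alias itself avoids depending on that match: `WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py process-group=ipa application-group=ipa`. A one-line comment explaining that the directives moved so the KDC proxy can run in its own daemon group would also help the next reader.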
@@ -70,6 +68,8 @@ WSGIScriptReloading Off
GssapiUseS4U2Proxy on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html
+ WSGIProcessGroup ipa
+ WSGIApplicationGroup ipa
</Location>
# Turn off Apache authentication for sessions