diff options
Diffstat (limited to 'install/conf')
| -rw-r--r-- | install/conf/Makefile.am | 1 | ||||
| -rw-r--r-- | install/conf/ipa-kdc-proxy.conf.template | 30 | ||||
| -rw-r--r-- | install/conf/ipa.conf | 6 |
3 files changed, 34 insertions, 3 deletions
diff --git a/install/conf/Makefile.am b/install/conf/Makefile.am index 65e25bc94..5daac776f 100644 --- a/install/conf/Makefile.am +++ b/install/conf/Makefile.am @@ -3,6 +3,7 @@ NULL = appdir = $(IPA_DATA_DIR) app_DATA = \ ipa.conf \ + ipa-kdc-proxy.conf.template \ ipa-pki-proxy.conf \ ipa-rewrite.conf \ $(NULL) diff --git a/install/conf/ipa-kdc-proxy.conf.template b/install/conf/ipa-kdc-proxy.conf.template new file mode 100644 index 000000000..9290cebba --- /dev/null +++ b/install/conf/ipa-kdc-proxy.conf.template @@ -0,0 +1,30 @@ +# Kerberos over HTTP / MS-KKDCP support (Kerberos KDC Proxy) +# +# The symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/ is maintained +# by the ExecStartPre script /usr/libexec/ipa/ipa-httpd-kdcproxy in +# httpd.service. The service also sets the environment variable +# KDCPROXY_CONFIG to $KDCPROXY_CONFIG. +# +# Disable KDC Proxy on the current host: +# # ipa-ldap-updater /usr/share/ipa/kdcproxy-disable.uldif +# # systemctl restart httpd.service +# +# Enable KDC Proxy on the current host: +# # ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif +# # systemctl restart httpd.service +# + +WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \ + user=kdcproxy group=kdcproxy display-name=%{GROUP} +WSGIImportScript /usr/lib/python2.7/site-packages/kdcproxy/__init__.py \ + process-group=kdcproxy application-group=kdcproxy +WSGIScriptAlias /KdcProxy /usr/lib/python2.7/site-packages/kdcproxy/__init__.py +WSGIScriptReloading Off + +<Location "/KdcProxy"> + Satisfy Any + Order Deny,Allow + Allow from all + WSGIProcessGroup kdcproxy + WSGIApplicationGroup kdcproxy +</Location> diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 57de2f1a9..e2b602c85 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -41,9 +41,7 @@ WSGISocketPrefix /run/httpd/wsgi # Configure mod_wsgi handler for /ipa -WSGIDaemonProcess ipa processes=2 threads=1 maximum-requests=500 -WSGIProcessGroup ipa -WSGIApplicationGroup ipa +WSGIDaemonProcess ipa processes=2 threads=1 maximum-requests=500 display-name=%{GROUP} WSGIImportScript /usr/share/ipa/wsgi.py process-group=ipa application-group=ipa WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py WSGIScriptReloading Off @@ -70,6 +68,8 @@ WSGIScriptReloading Off GssapiUseS4U2Proxy on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html + WSGIProcessGroup ipa + WSGIApplicationGroup ipa </Location> # Turn off Apache authentication for sessions |