authorSimo Sorce <simo@redhat.com>2016-11-29 11:10:22 -0500
committerJan Cholasta <jcholast@redhat.com>2017-02-15 07:13:37 +0100
commitd2f5fc304f1938d23171ae330fa20b213ceed54e (patch)
treeb77e05211632aef8e08cb3cd937d8498d9391ed5 /install
parentb6741d81e187fc84177c12ef8ad900d3b5cda6a4 (diff)
Configure HTTPD to work via Gss-Proxy
https://fedorahosted.org/freeipa/ticket/4189 https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install')
-rw-r--r--install/Makefile.am1
-rw-r--r--install/conf/ipa.conf2
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/gssproxy.conf.template8
-rw-r--r--install/share/ipa-httpd.conf.template2
5 files changed, 11 insertions, 3 deletions
diff --git a/install/Makefile.am b/install/Makefile.am
index 845e751d6..f895bccd2 100644
--- a/install/Makefile.am
+++ b/install/Makefile.am
@@ -21,6 +21,7 @@ SUBDIRS = \
install-exec-local:
$(INSTALL) -d -m 700 $(DESTDIR)$(IPA_SYSCONF_DIR)/custodia
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/backup
+ $(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/gssproxy
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysupgrade
$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa/pki-ca
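Review bot: Nothing in the visible part of this commit says what `$(localstatedir)/lib/ipa/gssproxy` is for. The new `gssproxy.conf.template` has no `cred_store` entry pointing at it, and the diffstat is limited to `install`, so the consumer is presumably elsewhere in the commit. If the directory is meant to hold credential state that gssproxy keeps on behalf of httpd, mode 700 is the right choice and worth stating, for example with a comment above `install-exec-local:` such as `# lib/ipa/gssproxy: credential state kept by gssproxy for the ipa-httpd service; must stay root-only`.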
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index ce2ea74a1..c1b10d035 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -69,8 +69,6 @@ WSGIScriptReloading Off
SessionHeader IPASESSION
GssapiSessionKey file:/etc/httpd/alias/ipasession.key
- GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab
- GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab
GssapiDelegCcacheDir /var/run/ipa/ccaches
GssapiUseS4U2Proxy on
GssapiAllowedMech krb5
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index bb09c9882..c58e1d2dd 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -90,6 +90,7 @@ dist_app_DATA = \
ipa-httpd.conf.template \
gssapi.login \
ipa.conf.tmpfiles \
+ gssproxy.conf.template \
$(NULL)
kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template
new file mode 100644
index 000000000..cb5775de6
--- /dev/null
+++ b/install/share/gssproxy.conf.template
@@ -0,0 +1,8 @@
+#Installed and maintained by ipa update tools, please do not modify
+[service/ipa-httpd]
+ mechs = krb5
+ cred_store = keytab:$HTTP_KEYTAB
+ cred_store = client_keytab:$HTTP_KEYTAB
+ allow_protocol_transition = true
+ cred_usage = both
+ euid = $HTTPD_USER
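Review bot: `allow_protocol_transition = true` together with `cred_usage = both` is matched only on `euid = $HTTPD_USER`, so any process running under that uid, not just mod_auth_gssapi, can ask gssproxy to accept, initiate and request tickets to self for arbitrary users with the HTTP key. The template should say why protocol transition is needed and state the assumption the design rests on, for example `# $HTTP_KEYTAB must be root-owned and unreadable by $HTTPD_USER; gssproxy is its only reader`. Separately, `ipa.conf` keeps `GssapiUseS4U2Proxy on` while this section does not set `allow_constrained_delegation`. If gssproxy gates S4U2Proxy through that option, it is worth confirming that delegation still works through the proxy or that the option is set elsewhere.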
diff --git a/install/share/ipa-httpd.conf.template b/install/share/ipa-httpd.conf.template
index a907d73cc..8822066ba 100644
--- a/install/share/ipa-httpd.conf.template
+++ b/install/share/ipa-httpd.conf.template
@@ -1,7 +1,7 @@
# Do not edit. Created by IPA installer.
[Service]
-Environment=KRB5CCNAME=$KRB5CC_HTTPD
+Environment=GSS_USE_PROXY=yes
Environment=KDCPROXY_CONFIG=$KDCPROXY_CONFIG
ExecStartPre=$IPA_HTTPD_KDCPROXY
ExecStopPost=$POST
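Review bot: With `GssapiCredStore` removed from `ipa.conf` in this same commit, `Environment=GSS_USE_PROXY=yes` becomes the only thing connecting httpd to the HTTP keytab, and the drop-in does not document that dependency. If httpd is started without this drop-in in effect (for example a unit cache not reloaded after upgrade), GSSAPI in httpd would presumably fall back to default credential lookup and authentication would fail instead of going through the proxy. A comment above the line would help, such as `# Route all GSSAPI calls in httpd through gssproxy (service/ipa-httpd); httpd itself must not be able to read the HTTP keytab`. Dropping `KRB5CCNAME=$KRB5CC_HTTPD` also means any code in httpd that relied on that cache now depends on the proxy; those callers are outside this hunk.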