Configure HTTPD to work via Gss-Proxy

https://fedorahosted.org/freeipa/ticket/4189
https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

1 files changed, 14 insertions, 1 deletions

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 1191acd07..c9b1c49aa 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -451,7 +451,6 @@ class RedHatTaskNamespace(BaseTaskNamespace):
             os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa-httpd.conf.template'),
             paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF,
             dict(
-                KRB5CC_HTTPD=paths.KRB5CC_HTTPD,
                 KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG,
                 IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY,
                 POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY)
@@ -461,6 +460,20 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         os.chmod(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, 0o644)
         self.restore_context(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
 
+    def configure_http_gssproxy_conf(self):
+        ipautil.copy_template_file(
+            os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'),
+            paths.GSSPROXY_CONF,
+            dict(
+                HTTP_KEYTAB=paths.HTTP_KEYTAB,
+                HTTP_CCACHE=paths.HTTP_CCACHE,
+                HTTPD_USER=constants.HTTPD_USER
+            )
+        )
+
+        os.chmod(paths.GSSPROXY_CONF, 0o600)
+        self.restore_context(paths.GSSPROXY_CONF)
+
     def remove_httpd_service_ipa_conf(self):
         """Remove systemd config for httpd service of IPA"""
         try: