Configure HTTPD to work via Gss-Proxy

https://fedorahosted.org/freeipa/ticket/4189 https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-11-29 11:10:22 -0500
committer: Jan Cholasta <jcholast@redhat.com> 2017-02-15 07:13:37 +0100
commit: d2f5fc304f1938d23171ae330fa20b213ceed54e (patch)
tree: b77e05211632aef8e08cb3cd937d8498d9391ed5 /ipaplatform/redhat
parent: b6741d81e187fc84177c12ef8ad900d3b5cda6a4 (diff)
download: freeipa-d2f5fc304f1938d23171ae330fa20b213ceed54e.tar.gz
freeipa-d2f5fc304f1938d23171ae330fa20b213ceed54e.tar.xz
freeipa-d2f5fc304f1938d23171ae330fa20b213ceed54e.zip
2 files changed, 15 insertions, 1 deletions
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index cc5d67477..5d8e1ecaa 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -68,6 +68,7 @@ redhat_system_units['ods-enforcerd'] = 'ods-enforcerd.service'
 redhat_system_units['ods_enforcerd'] = redhat_system_units['ods-enforcerd']
 redhat_system_units['ods-signerd'] = 'ods-signerd.service'
 redhat_system_units['ods_signerd'] = redhat_system_units['ods-signerd']
+redhat_system_units['gssproxy'] = 'gssproxy.service'
 
 
 # Service classes that implement Red Hat OS family-specific behaviour
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 1191acd07..c9b1c49aa 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -451,7 +451,6 @@ class RedHatTaskNamespace(BaseTaskNamespace):
             os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa-httpd.conf.template'),
             paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF,
             dict(
-                KRB5CC_HTTPD=paths.KRB5CC_HTTPD,
                 KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG,
                 IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY,
                 POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY)
@@ -461,6 +460,20 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         os.chmod(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, 0o644)
         self.restore_context(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
 
+    def configure_http_gssproxy_conf(self):
+        ipautil.copy_template_file(
+            os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'),
+            paths.GSSPROXY_CONF,
+            dict(
+                HTTP_KEYTAB=paths.HTTP_KEYTAB,
+                HTTP_CCACHE=paths.HTTP_CCACHE,
+                HTTPD_USER=constants.HTTPD_USER
+            )
+        )
+
+        os.chmod(paths.GSSPROXY_CONF, 0o600)
+        self.restore_context(paths.GSSPROXY_CONF)
+
     def remove_httpd_service_ipa_conf(self):
         """Remove systemd config for httpd service of IPA"""
         try:
author	Simo Sorce <simo@redhat.com>	2016-11-29 11:10:22 -0500
committer	Jan Cholasta <jcholast@redhat.com>	2017-02-15 07:13:37 +0100
commit	d2f5fc304f1938d23171ae330fa20b213ceed54e (patch)
tree	b77e05211632aef8e08cb3cd937d8498d9391ed5 /ipaplatform/redhat
parent	b6741d81e187fc84177c12ef8ad900d3b5cda6a4 (diff)
download	freeipa-d2f5fc304f1938d23171ae330fa20b213ceed54e.tar.gz freeipa-d2f5fc304f1938d23171ae330fa20b213ceed54e.tar.xz freeipa-d2f5fc304f1938d23171ae330fa20b213ceed54e.zip