summaryrefslogtreecommitdiffstats
path: root/ipsilon/login/authkrb.py
Commit message (Collapse)AuthorAgeFilesLines
* Use mod_auth_gssapi instead of mod_auth_kerbRob Crittenden2015-04-171-18/+12
| | | | | | | | | | | | | | | Change configuration on new installs only. Enable GssapiLocalName so we have access to the local name in REMOTE_USER and the full principle in GSS_NAME. Enable GssapiSSLonly even though SSLRequireSSL is also set. The belt and suspenders principla. https://fedorahosted.org/ipsilon/ticket/89 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add uninstallation support.Patrick Uiterwijk2015-02-261-3/+4
| | | | | | | | | As part of this, made all plugins use a Installer baseclass. https://fedorahosted.org/ipsilon/ticket/38 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
* Fix file permissions and remove shebang'sPatrick Uiterwijk2014-12-161-2/+0
| | | | | Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Refactor plugin initialization and enablementSimo Sorce2014-11-121-14/+13
| | | | | | | | | | | | Move most plugin enablement and initialization code in plugin.py to reduce code duplication and simplify and unifify plugin enablement for all base plugin types (login, info, providers). This patch breaks backwards compatibility as it changes how the list of enabled plugins is stored in the database tables. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Refactor plugin configurationSimo Sorce2014-11-121-0/+1
| | | | | | | | | | | | | | | Fork a PluginConfig class out of PluginObject, the base object now supports a simple dictionary config, while using PluginConfig provide access to structured util.config based configuration. Change UI code that deal with plugins configuration to properly use the new structured config objects in order to represent data in appropriate format based on the data type. Use the new util.config objects to represent plugins configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* In configure we do not need to set_config()Simo Sorce2014-11-121-2/+1
| | | | | | | | | All we care about in configure is to store the config in the db, so skip setting the config explicitly in the plugin object and go straight to the database. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Handle invalid/expired transactions gracefullySimo Sorce2014-10-241-3/+3
| | | | | | | | | Return a useful error page every time and invalid or expired transaction is requested, instead of ending up with an internal backtrace and an ugly 500 error. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix mod_auth_kerb based authenticationSimo Sorce2014-10-091-1/+5
| | | | | | | | Recent changes in how self.user is populated broke krb based auth. Explicitly check the remote user in the module to fix it. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use transactions throughout the codeSimo Sorce2014-09-241-3/+6
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use helper cookie to remember the usernameSimo Sorce2014-09-241-1/+1
| | | | | | | | | This makes the login page a lot more friendy Available only over HTTPS Max age set to 15 days Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix E713 with stricter pep8 error checkerSimo Sorce2014-05-201-1/+1
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add 500 Error handler for krb moduleSimo Sorce2014-05-071-0/+2
| | | | | | | If mod_auth_kerb encounters an internal error, catch it so we can fall back to the next authentication module, if any, or return a proper failure message. Signed-off-by: Simo Sorce <simo@redhat.com>
* Make it easy to install mutiple server instancesSimo Sorce2014-04-211-13/+10
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add Krb configuration codeSimo Sorce2014-03-201-0/+66
|
* Add server-install plugin configuration supportSimo Sorce2014-03-201-0/+15
| | | | | | | Automatically find plugins installed in the system and exposes their installation and configuration functions through the installer. Signed-off-by: Simo Sorce <simo@redhat.com>
* Remove unused import and fix syntaxSimo Sorce2014-03-191-2/+1
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add way to return Kerberos nameid if availableSimo Sorce2014-03-021-2/+4
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add Kerberos Negotiate auth pluginSimo Sorce2014-01-241-0/+80
This plugin depends on the proper configuration of mod_auth_kerb The mod_auth_kerb plugin should be configured with a <Location> directive like the folowing: <Location /idp/login/krb/negotiate> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbServiceName HTTP KrbAuthRealms $REALM_NAME Krb5KeyTab $KEYTAB_NAME KrbSaveCredentials off KrbConstrainedDelegation off Require valid-user ErrorDocument 401 /idp/login/krb/unauthorized </Location> Signed-off-by: Simo Sorce <simo@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-04 09:16:08 +0000