From 0b578c4a5961baf85275a5cbc93676aca61758b5 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 18 Apr 2014 00:43:37 -0400 Subject: Make it easy to install mutiple server instances Signed-off-by: Simo Sorce --- ipsilon/login/authkrb.py | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'ipsilon/login') diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py index d012ea8..c67b93b 100755 --- a/ipsilon/login/authkrb.py +++ b/ipsilon/login/authkrb.py @@ -87,7 +87,7 @@ plugin for actual authentication. """ CONF_TEMPLATE = """ - + AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on @@ -100,7 +100,7 @@ CONF_TEMPLATE = """ # KrbLocalUserMapping On Require valid-user - ErrorDocument 401 /idp/login/krb/unauthorized + ErrorDocument 401 /${instance}/login/krb/unauthorized """ @@ -124,23 +124,20 @@ class Installer(object): if opts['krb'] != 'yes': return - keytab = ' # Krb5KeyTab - No Keytab provided' - if opts['krb_httpd_keytab'] is None: - if os.path.exists('/etc/httpd/conf/http.keytab'): - keytab = ' Krb5KeyTab /etc/httpd/conf/http.keytab' + confopts = {'instance': opts['instance']} + + if os.path.exists(opts['krb_httpd_keytab']): + confopts['keytab'] = ' Krb5KeyTab %s' % opts['krb_httpd_keytab'] else: - if os.path.exists(opts['krb_httpd_keytab']): - keytab = ' Krb5KeyTab %s' % opts['krb_httpd_keytab'] - else: - raise Exception('Keytab not found') + raise Exception('Keytab not found') if opts['krb_realms'] is None: - realms = ' # KrbAuthRealms - Any trusted realm is allowed' + confopts['realms'] = ' # KrbAuthRealms - Any realm is allowed' else: - realms = ' KrbAuthRealms %s' % opts['krb_realms'] + confopts['realms'] = ' KrbAuthRealms %s' % opts['krb_realms'] tmpl = Template(CONF_TEMPLATE) - hunk = tmpl.substitute(keytab=keytab, realms=realms) + hunk = tmpl.substitute(**confopts) # pylint: disable=star-args with open(opts['httpd_conf'], 'a') as httpd_conf: httpd_conf.write(hunk) -- cgit