summaryrefslogtreecommitdiffstats
path: root/install/conf/ipa.conf
blob: f5987fbea8704275d615b60ae330e36489042942 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
#
# VERSION 2 - DO NOT REMOVE THIS LINE
#
# LoadModule auth_kerb_module modules/mod_auth_kerb.so

ProxyRequests Off
PythonImport ipaserver main_interpreter

# ipa-rewrite.conf is loaded separately

# This is required so the auto-configuration works with Firefox 2+
AddType application/java-archive        jar



<Location "/ipa">
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  KrbServiceName HTTP
  KrbAuthRealms $REALM
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  Require valid-user
  ErrorDocument 401 /ipa/errors/unauthorized.html

  SetHandler python-program
  PythonInterpreter main_interpreter
  PythonHandler ipaserver::handler
  PythonDebug Off
  PythonOption SCRIPT_NAME /ipa
  PythonAutoReload Off

</Location>

#<Location "/ipa/xml">
#  SetHandler python-program
#  PythonInterpreter main_interpreter
#  PythonHandler ipaserver::xmlrpc
#  PythonDebug Off
#  PythonOption SCRIPT_NAME /ipa/xml
#  PythonAutoReload Off
#</Location>

#<Location "/ipa/json">
#  SetHandler python-program
#  PythonInterpreter main_interpreter
#  PythonHandler ipaserver::jsonrpc
#  PythonDebug Off
#  PythonOption SCRIPT_NAME /ipa/json
#  PythonAutoReload Off
#</Location>

#<Location "/ipa/ui">
#  SetHandler python-program
#  PythonInterpreter main_interpreter
#  PythonHandler ipaserver::webui
#  PythonDebug Off
#  PythonOption SCRIPT_NAME /ipa/ui
#  PythonAutoReload Off
#</Location>

Alias /ipa-assets/ "/var/cache/ipa/assets/"
<Directory "/var/cache/ipa/assets">
  Allow from all
  AllowOverride None
  # add Indexes to Options to allow browsing
  Options FollowSymLinks
  ExpiresActive On
  ExpiresDefault A31536000
</Directory>


<Location "/ipa/errors">
  SetHandler None
</Location>

<Location "/ipa/config">
  SetHandler None
</Location>

<Location "/ipa/crl">
  SetHandler None
</Location>


# This is where we redirect on failed auth
Alias /ipa/errors "/usr/share/ipa/html"

# For the MIT Windows config files
Alias /ipa/config "/usr/share/ipa/html"

# Do no authentication on the directory that contains error messages
<Directory "/usr/share/ipa/html">
  SetHandler None
  AllowOverride None
  Satisfy Any
  Allow from all
</Directory>


# For CRL publishing
Alias /ipa/crl "/var/lib/pki-ca/publish"

<Directory "/var/lib/pki-ca/publish">
  SetHandler None
  AllowOverride None
  Options Indexes FollowSymLinks
  Satisfy Any
  Allow from all
</Directory>

# Protect our CGIs
<Directory /var/www/cgi-bin>
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  KrbServiceName HTTP
  KrbAuthRealms $REALM
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  Require valid-user
  ErrorDocument 401 /ipa/errors/unauthorized.html
</Directory>

# migration related pages
Alias /ipa/migration "/usr/share/ipa/migration"

<Directory "/usr/share/ipa/migration">
    AllowOverride None
    Satisfy Any
    Allow from all

    AddHandler mod_python .py
    PythonHandler mod_python.publisher
</Directory>

#Alias /ipatest "/usr/share/ipa/ipatest"

#<Directory "/usr/share/ipa/ipatest">
#  AuthType Kerberos
#  AuthName "Kerberos Login"
#  KrbMethodNegotiate on
#  KrbMethodK5Passwd off
#  KrbServiceName HTTP
#  KrbAuthRealms $REALM
#  Krb5KeyTab /etc/httpd/conf/ipa.keytab
#  KrbSaveCredentials on
#  Require valid-user
#  ErrorDocument 401 /ipa/errors/unauthorized.html
#
#  SetHandler mod_python
#  PythonHandler test_mod_python
#
#  PythonDebug Off
#
#</Directory>