Create configuration for MIT Windows kerberos client and install into
http://hostname/config so users can point their MIT client at the IPA server and automatically fetch the configuration.
parent
859291a706
commit
e40c583b12
@ -12,6 +12,9 @@ app_DATA = \
|
||||
certmap.conf.template \
|
||||
kdc.conf.template \
|
||||
krb5.conf.template \
|
||||
krb5.ini.template \
|
||||
krb.con.template \
|
||||
krbrealm.con.template \
|
||||
$(NULL)
|
||||
|
||||
EXTRA_DIST = \
|
||||
|
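--- a/ipa-server/ipa-install/share/krb.con.template
+++ b/ipa-server/ipa-install/share/krb.con.template
@@ -0,0 +1,2 @@
+$REALM $DOMAIN
+$REALM $DOMAIN admin server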
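Review bot: Both lines of krb.con.template put `$DOMAIN` in the host field, while the krb5.ini template added in the same commit names the KDC and admin server as `$FQDN`. If the second field of a krb4-style `krb.con` entry is the KDC host name, as I understand the format, a client using this file would look for the KDC at the bare DNS domain rather than at the IPA server. `$REALM $FQDN` and `$REALM $FQDN admin server` would keep the two published files consistent.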
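--- a/ipa-server/ipa-install/share/krb5.ini.template
+++ b/ipa-server/ipa-install/share/krb5.ini.template
@@ -0,0 +1,19 @@
+[libdefaults]
+default_realm = $REALM
+krb4_config = /usr/kerberos/lib/krb.conf
+krb4_realms = /usr/kerberos/lib/krb.realms
+dns_lookup_kdc = true
+
+[realms]
+$REALM = {
+admin_server = $FQDN
+kdc = $FQDN
+default_domain = $REALM
+}
+
+[domain_realm]
+.$DOMAIN = $REALM
+$DOMAIN = $REALM
+
+[logging]
+# kdc = CONSOLE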
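Review bot: `default_domain = $REALM` in the `[realms]` stanza sets a DNS-domain option to the realm name; `[domain_realm]` a few lines below maps `$DOMAIN` to `$REALM`, so `default_domain = $DOMAIN` looks like what was meant. The same realm-for-domain substitution appears on the left-hand side of every line in krbrealm.con.template (`.$REALM $REALM`), where `.$DOMAIN $REALM` would agree with `[domain_realm]`. `krb4_config` and `krb4_realms` point at `/usr/kerberos/lib/...`, a Unix path that presumably does not exist on a Windows client; either drop the two lines or add a comment stating where the client is expected to place those files.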
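--- a/ipa-server/ipa-install/share/krbrealm.con.template
+++ b/ipa-server/ipa-install/share/krbrealm.con.template
@@ -0,0 +1,3 @@
+.$REALM $REALM
+.$REALM. $REALM
+$REALM $REALM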
@ -175,6 +175,22 @@ class KrbInstance:
|
||||
krb5_fd.write(krb5_conf)
|
||||
krb5_fd.close()
|
||||
|
||||
# Windows configuration files
|
||||
krb5_ini = template_file(SHARE_DIR+"krb5.ini.template", self.sub_dict)
|
||||
krb5_fd = open("/usr/share/ipa/html/krb5.ini", "w+")
|
||||
krb5_fd.write(krb5_ini)
|
||||
krb5_fd.close()
|
||||
|
||||
krb_con = template_file(SHARE_DIR+"krb.con.template", self.sub_dict)
|
||||
krb_fd = open("/usr/share/ipa/html/krb.con", "w+")
|
||||
krb_fd.write(krb_con)
|
||||
krb_fd.close()
|
||||
|
||||
krb_realm = template_file(SHARE_DIR+"krbrealm.con.template", self.sub_dict)
|
||||
krb_fd = open("/usr/share/ipa/html/krbrealm.con", "w+")
|
||||
krb_fd.write(krb_realm)
|
||||
krb_fd.close()
|
||||
|
||||
#populate the directory with the realm structure
|
||||
args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
|
||||
try:
|
||||
|
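Review bot: The three Windows client files are written with a copy-pasted open/write/close sequence that leaves the handle open, and possibly a truncated file under the web root, if `write()` raises. These files are then served to clients as their Kerberos configuration. A loop over the three names with `try`/`finally` around the write removes the duplication and closes the handle on every path; mode `"w"` is enough because nothing reads the file back. The files also inherit the installer's umask, so consider setting their mode explicitly (readable by the web server, writable only by root). The enclosing method starts and ends outside this hunk, so I cannot see whether that is handled elsewhere.

```python
# Windows configuration files
for name in ("krb5.ini", "krb.con", "krbrealm.con"):
    text = template_file(SHARE_DIR + name + ".template", self.sub_dict)
    fd = open("/usr/share/ipa/html/" + name, "w")
    try:
        fd.write(text)
    finally:
        fd.close()

# … unchanged: kdb5_ldap_util realm creation …
```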
@ -6,7 +6,7 @@ ProxyRequests Off
|
||||
RewriteEngine on
|
||||
|
||||
RewriteCond %{SERVER_PORT} !^443$$
|
||||
RewriteCond %{REQUEST_URI} !^/(errors)/
|
||||
RewriteCond %{REQUEST_URI} !^/(errors|config)/
|
||||
RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
|
||||
|
||||
<Proxy *>
|
||||
@ -37,11 +37,13 @@ RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
|
||||
# The URI's with a trailing ! are those that aren't handled by the proxy
|
||||
ProxyPass /cgi-bin !
|
||||
ProxyPass /errors !
|
||||
ProxyPass /config !
|
||||
ProxyPass /ipa !
|
||||
#ProxyPass /ipatest !
|
||||
ProxyPass / http://localhost:8080/
|
||||
ProxyPassReverse /cgi-bin !
|
||||
ProxyPassReverse /errors !
|
||||
ProxyPassReverse /config !
|
||||
ProxyPassReverse /ipa !
|
||||
#ProxyPassReverse /ipatest !
|
||||
ProxyPassReverse / http://localhost:8080/
|
||||
@ -50,6 +52,7 @@ ProxyPassReverse / http://localhost:8080/
|
||||
|
||||
Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC"
|
||||
Alias /errors "/usr/share/ipa/html"
|
||||
Alias /config "/usr/share/ipa/html"
|
||||
|
||||
<Directory "/usr/share/ipa/ipaserver">
|
||||
AuthType Kerberos
|
||||
|
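Review bot: Adding `config` to the second `RewriteCond` exempts `/config/` from the HTTP-to-HTTPS redirect, so krb5.ini, krb.con and krbrealm.con can be fetched over plain HTTP with no integrity protection. These files tell a client which KDC and admin server to use for the realm, so anyone able to alter the response on the network path can change the hosts the client talks to. Unless the Windows clients cannot validate the server certificate, I would leave the condition as `RewriteCond %{REQUEST_URI} !^/(errors)/` and keep only the `ProxyPass /config !` and `Alias` lines, so the files are served over HTTPS. `Alias /config "/usr/share/ipa/html"` also reuses the `/errors` directory, so everything placed there is published under both URLs; a dedicated directory for client configuration would keep that surface explicit. No `<Directory>` block for `/usr/share/ipa/html` is visible in these hunks, so its access settings cannot be checked from here.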