Create configuration for MIT Windows kerberos client and install into

http://hostname/config so users can point their MIT client at the IPA
server and automatically fetch the configuration.
Rob Crittenden 2007-10-29 12:00:48 -04:00
parent 859291a706
commit e40c583b12
6 changed files with 47 additions and 1 deletions


@ -12,6 +12,9 @@ app_DATA = \
certmap.conf.template \ certmap.conf.template \
kdc.conf.template \ kdc.conf.template \
krb5.conf.template \ krb5.conf.template \
krb5.ini.template \
krb.con.template \
krbrealm.con.template \
$(NULL) $(NULL)
EXTRA_DIST = \ EXTRA_DIST = \


@ -0,0 +1,2 @@
$REALM $DOMAIN
$REALM $DOMAIN admin server
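Review bot: Both lines of this new template give `$DOMAIN` as the KDC and admin-server host, while the krb5.ini template in this commit uses `$FQDN` for `kdc` and `admin_server`. Unless the bare DNS domain always resolves to the IPA server, a client using this file will look for the KDC on the wrong host; `$REALM $FQDN` and `$REALM $FQDN admin server` would keep the two files consistent. Please confirm against the krb.con format the MIT Windows client expects, since I am reading the second column as a hostname.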


@ -0,0 +1,19 @@
[libdefaults]
default_realm = $REALM
krb4_config = /usr/kerberos/lib/krb.conf
krb4_realms = /usr/kerberos/lib/krb.realms
dns_lookup_kdc = true
[realms]
$REALM = {
admin_server = $FQDN
kdc = $FQDN
default_domain = $REALM
}
[domain_realm]
.$DOMAIN = $REALM
$DOMAIN = $REALM
[logging]
# kdc = CONSOLE
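Review bot: `default_domain = $REALM` in the `[realms]` block puts the realm name where a DNS domain is expected; the `[domain_realm]` lines just below use `$DOMAIN` for that role, so this looks like it should be `default_domain = $DOMAIN`. The krbrealm.con template added in this commit has the same pattern: its left column is the host or domain pattern, yet all three lines use `$REALM` on both sides (for example `.$REALM $REALM`), which only matches if the client compares names case-insensitively. A wrong domain-to-realm mapping makes the client choose the wrong realm for a host, so it is worth verifying both files against a Windows client before publishing them.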


@ -0,0 +1,3 @@
.$REALM $REALM
.$REALM. $REALM
$REALM $REALM


@ -175,6 +175,22 @@ class KrbInstance:
krb5_fd.write(krb5_conf) krb5_fd.write(krb5_conf)
krb5_fd.close() krb5_fd.close()
# Windows configuration files
krb5_ini = template_file(SHARE_DIR+"krb5.ini.template", self.sub_dict)
krb5_fd = open("/usr/share/ipa/html/krb5.ini", "w+")
krb5_fd.write(krb5_ini)
krb5_fd.close()
krb_con = template_file(SHARE_DIR+"krb.con.template", self.sub_dict)
krb_fd = open("/usr/share/ipa/html/krb.con", "w+")
krb_fd.write(krb_con)
krb_fd.close()
krb_realm = template_file(SHARE_DIR+"krbrealm.con.template", self.sub_dict)
krb_fd = open("/usr/share/ipa/html/krbrealm.con", "w+")
krb_fd.write(krb_realm)
krb_fd.close()
#populate the directory with the realm structure #populate the directory with the realm structure
args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"] args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
try: try:
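Review bot: The three new write sequences leave the descriptor open if `write()` raises, and they rely on the installer's umask for the mode of files that httpd has to serve. Under a restrictive umask the files would be unreadable by Apache, and nothing here states that they are meant to be public. Since the same four lines are repeated three times, a small helper that closes in a `finally` and sets the mode explicitly would cover both; `"w"` is also enough, as the file is never read back. These files are world-readable by design, so it is worth a comment that the three templates must only ever reference non-secret keys of `self.sub_dict`. The enclosing method starts and ends outside this hunk, and the sketch below assumes `os` is already imported in this module.

```python
    def _write_web_config(self, name):
        # Render SHARE_DIR/<name>.template and publish it for httpd; content is public.
        dest = "/usr/share/ipa/html/" + name
        text = template_file(SHARE_DIR + name + ".template", self.sub_dict)
        fd = open(dest, "w")
        try:
            fd.write(text)
        finally:
            fd.close()
        os.chmod(dest, 0644)

        # ... unchanged: krb5.conf is written above ...
        # Windows configuration files
        for name in ("krb5.ini", "krb.con", "krbrealm.con"):
            self._write_web_config(name)
        # ... unchanged: kdb5_ldap_util invocation ...
```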


@ -6,7 +6,7 @@ ProxyRequests Off
RewriteEngine on RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$$ RewriteCond %{SERVER_PORT} !^443$$
RewriteCond %{REQUEST_URI} !^/(errors)/ RewriteCond %{REQUEST_URI} !^/(errors|config)/
RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC] RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
<Proxy *> <Proxy *>
@ -37,11 +37,13 @@ RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC]
# The URI's with a trailing ! are those that aren't handled by the proxy # The URI's with a trailing ! are those that aren't handled by the proxy
ProxyPass /cgi-bin ! ProxyPass /cgi-bin !
ProxyPass /errors ! ProxyPass /errors !
ProxyPass /config !
ProxyPass /ipa ! ProxyPass /ipa !
#ProxyPass /ipatest ! #ProxyPass /ipatest !
ProxyPass / http://localhost:8080/ ProxyPass / http://localhost:8080/
ProxyPassReverse /cgi-bin ! ProxyPassReverse /cgi-bin !
ProxyPassReverse /errors ! ProxyPassReverse /errors !
ProxyPassReverse /config !
ProxyPassReverse /ipa ! ProxyPassReverse /ipa !
#ProxyPassReverse /ipatest ! #ProxyPassReverse /ipatest !
ProxyPassReverse / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/
@ -50,6 +52,7 @@ ProxyPassReverse / http://localhost:8080/
Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC" Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC"
Alias /errors "/usr/share/ipa/html" Alias /errors "/usr/share/ipa/html"
Alias /config "/usr/share/ipa/html"
<Directory "/usr/share/ipa/ipaserver"> <Directory "/usr/share/ipa/ipaserver">
AuthType Kerberos AuthType Kerberos
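Review bot: Adding `config` to the exemption in `RewriteCond %{REQUEST_URI} !^/(errors|config)/` means krb5.ini, krb.con and krbrealm.con are served over plain HTTP with no integrity protection. These files tell the client which host is its KDC and admin server, so anyone able to alter the response in transit can point a client at a host of their choosing. If the MIT Windows client can fetch over HTTPS, keep the condition as `!^/(errors)/` so /config is redirected like everything else. If it cannot, a comment above the rule should record that constraint and the risk. Separately, `Alias /config "/usr/share/ipa/html"` exposes the same directory as /errors, so every file there is reachable under both paths; a dedicated directory for the client configs would keep the published set explicit.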