mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 00:41:25 -06:00
2cd6788c3f
mod_wsgi has no way to import a WSGI module by dotted module name. A new kdcproxy.wsgi script is used to import kdcproxy from whatever Python version mod_wsgi is compiled against. This will simplify moving FreeIPA to Python 3 and solves an import problem on Debian. Resolves: https://pagure.io/freeipa/issue/6834 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
31 lines
1.0 KiB
Plaintext
31 lines
1.0 KiB
Plaintext
# Kerberos over HTTP / MS-KKDCP support (Kerberos KDC Proxy)
|
|
#
|
|
# The symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/ is maintained
|
|
# by the ExecStartPre script /usr/libexec/ipa/ipa-httpd-kdcproxy in
|
|
# httpd.service. The service also sets the environment variable
|
|
# KDCPROXY_CONFIG to $KDCPROXY_CONFIG.
|
|
#
|
|
# Disable KDC Proxy on the current host:
|
|
# # ipa-ldap-updater /usr/share/ipa/kdcproxy-disable.uldif
|
|
# # systemctl restart httpd.service
|
|
#
|
|
# Enable KDC Proxy on the current host:
|
|
# # ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
|
|
# # systemctl restart httpd.service
|
|
#
|
|
|
|
WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \
|
|
user=kdcproxy group=kdcproxy display-name=%{GROUP}
|
|
WSGIImportScript /usr/share/ipa/kdcproxy.wsgi \
|
|
process-group=kdcproxy application-group=kdcproxy
|
|
WSGIScriptAlias /KdcProxy /usr/share/ipa/kdcproxy.wsgi
|
|
WSGIScriptReloading Off
|
|
|
|
<Location "/KdcProxy">
|
|
Satisfy Any
|
|
Order Deny,Allow
|
|
Allow from all
|
|
WSGIProcessGroup kdcproxy
|
|
WSGIApplicationGroup kdcproxy
|
|
</Location>
|