mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
7cbd9bd429
This commit adds configuration for HTTPD to encrypt/decrypt its key which we currently store in clear on the disc. A password-reading script is added for mod_ssl. This script is extensible for the future use of directory server with the expectation that key encryption/decription will be handled similarly by its configuration. https://pagure.io/freeipa/issue/7421 Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
37 lines
1.0 KiB
Bash
Executable File
37 lines
1.0 KiB
Bash
Executable File
#!/bin/bash
|
|
# This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.
|
|
#
|
|
# If you'd like to write your custom binary providing passwords to mod_ssl,
|
|
# see the documentation of the aforementioned directive of the mod_ssl module.
|
|
|
|
USAGE="./ipa-pwdreader host:port RSA|DSA|ECC|number"
|
|
ERR_UNKNOWN_KEY="\
|
|
ERROR: You seem to be running a non-standard IPA installation.
|
|
Please extend the /var/libexec/ipa/ipa-pwdreader script to cover your case."
|
|
|
|
if [ ! "$#" -eq 2 ]; then
|
|
echo "Wrong number of arguments!" 1>&2
|
|
echo "$USAGE" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
|
|
case "$1" in
|
|
"${HOSTNAME}:443" )
|
|
# Read IPA password
|
|
# IPA expects the password filename format to be
|
|
# <hostname>-<port>-<ecryption_algorithm>
|
|
IPA_PASSWD_PATH="/var/lib/ipa/passwds/${1/:/-}-$2"
|
|
cat $IPA_PASSWD_PATH
|
|
;;
|
|
# ================
|
|
# Extend for more virtual hosts with
|
|
# <vhostname>:<vhost_port> )
|
|
# your_code
|
|
# ;;
|
|
# ================
|
|
*)
|
|
echo "$ERR_UNKNOWN_KEY" 1>&2
|
|
exit 1
|
|
esac
|