Changeset 1235


Ignore:
Timestamp:
Oct 24, 2008, 2:24:12 PM (16 years ago)
Author:
quentin
Message:

Offer Kerberos authentication to supporting browsers

Location:
trunk/packages/sipb-xen-www
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/packages/sipb-xen-www/debian/changelog

    r1215 r1235  
     1sipb-xen-www (3.17) unstable; urgency=low
     2
     3  * Add Kerberos-authenticated web interface on port 442
     4
     5 -- Quentin Smith <quentin@mit.edu>  Fri, 24 Oct 14:22:21 -0400
     6
    17sipb-xen-www (3.16) unstable; urgency=low
    28
  • trunk/packages/sipb-xen-www/debian/control

    r1215 r1235  
    99Architecture: all
    1010Depends: ${misc:Depends}, libapache2-mod-fcgid, python-flup, python-cheetah, python-simplejson, sipb-xen-database-common, sipb-xen-vnc-client, kstart, debathena-afs-config, sipb-xen-base,
    11  libapache2-svn, postfix, subversion, zephyr-clients
     11 libapache2-svn, libapache2-mod-auth-kerb, postfix, subversion, zephyr-clients
    1212Description: Install the sipb-xen-dev website
  • trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako

    r1028 r1235  
    55tracuri  = cfg.trac.uri
    66%>
     7Listen 442
    78Listen 446
    89
    9 <VirtualHost *:443>
    10         ServerAdmin ${errmail}
    11         ServerName ${hostname}:443
    12        
     10<%def name="invirt_webinterface()">
    1311        DocumentRoot /var/www/sipb-xen-www
    1412        <Directory /var/www/sipb-xen-www>
     
    1917        </Directory>
    2018        <Location />
    21                 Require valid-user
    22                 AuthType SSLCert
    23                 AuthSSLCertVar SSL_CLIENT_S_DN_Email
    24                 AuthSSLCertStripSuffix "@MIT.EDU"
     19${caller.body()}
    2520        </Location>
    2621
     
    5752       
    5853        SSLCACertificateFile ssl/mitCAclient.pem
    59         SSLVerifyClient require
    6054        SSLVerifyDepth 10
    6155
     
    6559
    6660        Redirect /wiki ${tracuri}       
     61</%def>
     62<VirtualHost *:443>
     63        ServerAdmin ${errmail}
     64        ServerName ${hostname}:443
     65        <%call expr="invirt_webinterface()">
     66                Require valid-user
     67                AuthType SSLCert
     68                AuthSSLCertVar SSL_CLIENT_S_DN_Email
     69                AuthSSLCertStripSuffix "@MIT.EDU"
     70        </%call>
     71        SSLVerifyClient require
     72</VirtualHost>
     73<VirtualHost *:442>
     74        ServerAdmin ${errmail}
     75        ServerName ${hostname}:442
     76        <%call expr="invirt_webinterface()">
     77                Require valid-user
     78                AuthType Kerberos
     79                KrbMethodNegotiate on
     80                KrbMethodK5Passwd off
     81                KrbAuthoritative off
     82                KrbAuthRealms ${cfg.authn[0].realm}
     83                Krb5Keytab /etc/invirt/keytab
     84                KrbSaveCredentials off
     85        </%call>
     86        SSLVerifyClient optional
    6787</VirtualHost>
    6888
Note: See TracChangeset for help on using the changeset viewer.