Context Navigation

← Previous Change
Next Change →

sites-available

Timestamp:

Oct 24, 2008, 2:24:12 PM (16 years ago)

Author:

quentin

Message:

Offer Kerberos authentication to supporting browsers

File:

: 1 edited

trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako

-                      r1028
+                      r1235
 tracuri  = cfg.trac.uri
 %>
+Listen 442
 Listen 446
+<VirtualHost *:443>
+        ServerAdmin ${errmail}
+        ServerName ${hostname}:443
+<%def name="invirt_webinterface()">
         DocumentRoot /var/www/sipb-xen-www
         <Directory /var/www/sipb-xen-www>
 …
         </Directory>
         <Location />
+                Require valid-user
+                AuthType SSLCert
+                AuthSSLCertVar SSL_CLIENT_S_DN_Email
+                AuthSSLCertStripSuffix "@MIT.EDU"
+${caller.body()}
         </Location>
 …
         SSLCACertificateFile ssl/mitCAclient.pem
-        SSLVerifyClient require
         SSLVerifyDepth 10
 …
         Redirect /wiki ${tracuri}
+</%def>
+<VirtualHost *:443>
+        ServerAdmin ${errmail}
+        ServerName ${hostname}:443
+        <%call expr="invirt_webinterface()">
+                Require valid-user
+                AuthType SSLCert
+                AuthSSLCertVar SSL_CLIENT_S_DN_Email
+                AuthSSLCertStripSuffix "@MIT.EDU"
+        </%call>
+        SSLVerifyClient require
+</VirtualHost>
+<VirtualHost *:442>
+        ServerAdmin ${errmail}
+        ServerName ${hostname}:442
+        <%call expr="invirt_webinterface()">
+                Require valid-user
+                AuthType Kerberos
+                KrbMethodNegotiate on
+                KrbMethodK5Passwd off
+                KrbAuthoritative off
+                KrbAuthRealms ${cfg.authn[0].realm}
+                Krb5Keytab /etc/invirt/keytab
+                KrbSaveCredentials off
+        </%call>
+        SSLVerifyClient optional
 </VirtualHost>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1235 for trunk/packages/sipb-xen-www/files/etc/apache2/sites-available

Legend:

trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako

Download in other formats: