From 7b35cb159bdd6314caa984984f2137d3f9beb46c Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 4 Sep 2020 13:37:45 +0000
Subject: [PATCH] Add GSSAPI authentication to collab hosts

---
 playbooks/collab.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/playbooks/collab.yml b/playbooks/collab.yml
index fdd114f..9e53074 100644
--- a/playbooks/collab.yml
+++ b/playbooks/collab.yml
@@ -22,3 +22,32 @@
 
   roles:
     - base
+    - collab
+    - mod_auth_gssapi
+    - role: kerberos/keytab
+      keytab: /etc/httpd/httpd.keytab
+      principals: HTTP/collab01.home.foo.sh@FOO.SH
+      group: apache
+
+  tasks:
+    - name: create htaccess for collab
+      copy:
+        content: |
+          RewriteEngine On
+          RewriteCond %{REQUEST_FILENAME} !-f
+          RewriteRule ^(.*)$ wsgi/$1 [QSA,PT,L]
+
+          <Files wsgi>
+            SetHandler wsgi-script
+          </Files>
+
+          AuthType        GSSAPI
+          GssapiBasicAuth On
+          AuthName        "Password Required (cancel for help)"
+          Require valid-user
+        dest: /srv/wikis/collab/htdocs/.htaccess
+        owner: collab
+        group: collab
+        mode: 0660
+        seuser: _default
+        setype: _default