Added mod_auth_kerb module to apache.
This commit is contained in:
parent
e75a38070a
commit
0d5d809519
2 changed files with 72 additions and 0 deletions
|
|
@ -311,6 +311,47 @@ define apache::sslsite($root="none", $config="none",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Install mod_auth_kerb.
|
||||||
|
#
|
||||||
|
class apache::mod::auth_kerb {
|
||||||
|
|
||||||
|
package { "mod_auth_kerb":
|
||||||
|
ensure => installed,
|
||||||
|
require => Package["httpd"],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/httpd/conf.d/auth_kerb.conf":
|
||||||
|
ensure => present,
|
||||||
|
content => template("apache/auth_kerb.conf.erb"),
|
||||||
|
mode => 0644,
|
||||||
|
owner => root,
|
||||||
|
group => root,
|
||||||
|
require => Package["mod_auth_kerb"],
|
||||||
|
}
|
||||||
|
|
||||||
|
if defined(Service["httpd"]) {
|
||||||
|
file { "/etc/httpd/conf.http.d/auth_kerb.conf":
|
||||||
|
ensure => link,
|
||||||
|
target => "/etc/httpd/conf.d/auth_kerb.conf",
|
||||||
|
require => Package["mod_auth_kerb"],
|
||||||
|
notify => Service["httpd"],
|
||||||
|
subscribe => File["/etc/httpd/conf.d/auth_kerb.conf"],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if defined(Service["httpsd"]) {
|
||||||
|
file { "/etc/httpd/conf.https.d/auth_kerb.conf":
|
||||||
|
ensure => link,
|
||||||
|
target => "/etc/httpd/conf.d/auth_kerb.conf",
|
||||||
|
require => Package["mod_auth_kerb"],
|
||||||
|
notify => Service["httpsd"],
|
||||||
|
subscribe => File["/etc/httpd/conf.d/auth_kerb.conf"],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Install mod_perl.
|
# Install mod_perl.
|
||||||
#
|
#
|
||||||
class apache::mod::perl {
|
class apache::mod::perl {
|
||||||
|
|
|
||||||
31
apache/templates/auth_kerb.conf.erb
Normal file
31
apache/templates/auth_kerb.conf.erb
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
#
|
||||||
|
# The mod_auth_kerb module implements Kerberos authentication over
|
||||||
|
# HTTP, following the "Negotiate" protocol.
|
||||||
|
#
|
||||||
|
|
||||||
|
LoadModule auth_kerb_module modules/mod_auth_kerb.so
|
||||||
|
|
||||||
|
#
|
||||||
|
# Sample configuration: Kerberos authentication must only be
|
||||||
|
# used over SSL to prevent replay attacks. The keytab file
|
||||||
|
# configured must be readable only by the "apache" user, and
|
||||||
|
# must contain service keys for "HTTP/www.example.com", where
|
||||||
|
# "www.example.com" is the FQDN of this server.
|
||||||
|
#
|
||||||
|
|
||||||
|
KrbAuthRealms <%= kerberos_realm %>
|
||||||
|
Krb5KeyTab /etc/httpd/conf/httpsd.keytab
|
||||||
|
KrbMethodNegotiate On
|
||||||
|
KrbAuthoritative On
|
||||||
|
KrbMethodK5Passwd Off
|
||||||
|
|
||||||
|
#<Location /private>
|
||||||
|
# SSLRequireSSL
|
||||||
|
# AuthType Kerberos
|
||||||
|
# AuthName "Kerberos Login"
|
||||||
|
# KrbMethodNegotiate On
|
||||||
|
# KrbMethodK5Passwd Off
|
||||||
|
# KrbAuthRealms EXAMPLE.COM
|
||||||
|
# Krb5KeyTab /etc/httpd/conf/keytab
|
||||||
|
# require valid-user
|
||||||
|
#</Location>
|
||||||
Loading…
Add table
Reference in a new issue