Red Hat Bugzilla – Attachment 295559 Details for
Bug 433054
when a browser is pointed to the IP (or incomplete name) of the IPA server kerberos authentication fails
[patch]
redirect users on both SSL and non-SSL ports
freeipa-669-redirect.patch (text/plain), 6.41 KB, created by
Rob Crittenden
on 2008-02-21 21:26:02 UTC
Description:
redirect users on both SSL and non-SSL ports
Filename:
MIME Type:
Creator:
Rob Crittenden
Created:
2008-02-21 21:26:02 UTC
Size:
6.41 KB
patch
obsolete
># HG changeset patch
># User Rob Crittenden <rcritten@redhat.com>
># Date 1203629109 18000
># Node ID 34ac14e647985371c6cc24b2c71a381c38b503e3
># Parent ab47ea0b9937b369d8928d41202ccfe694a6e6f2
>Redirect users when they don't use the FQDN on both SSL and non-SSL ports
>
>We update the mod_nss configuration (nss.conf) during installation to include
>ipa-rewrite.conf to handle the SSL side.
>
>433054
>
>diff -r ab47ea0b9937 -r 34ac14e64798 ipa-server/ipa-server.spec
>--- a/ipa-server/ipa-server.spec Thu Feb 21 16:11:42 2008 -0500
>+++ b/ipa-server/ipa-server.spec Thu Feb 21 16:25:09 2008 -0500
>@@ -1,6 +1,6 @@ Name: ipa-server
> Name: ipa-server
> Version: 0.99.0
>-Release: 1%{?dist}
>+Release: 2%{?dist}
> Summary: IPA authentication server
>
> Group: System Environment/Base
>@@ -129,6 +129,7 @@ fi
> %config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
> %{_usr}/share/ipa/ipa_webgui.cfg
> %{_usr}/share/ipa/ipa.conf
>+%{_usr}/share/ipa/ipa-rewrite.conf
> %dir %{_usr}/share/ipa/ipagui
> %{_usr}/share/ipa/ipagui/*
> %dir %{_usr}/share/ipa/ipa_gui.egg-info
>@@ -150,6 +151,9 @@ fi
> %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
>
> %changelog
>+* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-2
>+- package new file ipa-rewrite.conf
>+
> * Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
> - Version bump for release
>
>diff -r ab47ea0b9937 -r 34ac14e64798 ipa-server/ipa-server.spec.in
>--- a/ipa-server/ipa-server.spec.in Thu Feb 21 16:11:42 2008 -0500
>+++ b/ipa-server/ipa-server.spec.in Thu Feb 21 16:25:09 2008 -0500
>@@ -1,6 +1,6 @@ Name: ipa-server
> Name: ipa-server
> Version: VERSION
>-Release: 1%{?dist}
>+Release: 2%{?dist}
> Summary: IPA authentication server
>
> Group: System Environment/Base
>@@ -129,6 +129,7 @@ fi
> %config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
> %{_usr}/share/ipa/ipa_webgui.cfg
> %{_usr}/share/ipa/ipa.conf
>+%{_usr}/share/ipa/ipa-rewrite.conf
> %dir %{_usr}/share/ipa/ipagui
> %{_usr}/share/ipa/ipagui/*
> %dir %{_usr}/share/ipa/ipa_gui.egg-info
>@@ -150,6 +151,9 @@ fi
> %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
>
> %changelog
>+* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-2
>+- package new file ipa-rewrite.conf
>+
> * Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
> - Version bump for release
>
>diff -r ab47ea0b9937 -r 34ac14e64798 ipa-server/ipaserver/httpinstance.py
>--- a/ipa-server/ipaserver/httpinstance.py Thu Feb 21 16:11:42 2008 -0500
>+++ b/ipa-server/ipaserver/httpinstance.py Thu Feb 21 16:25:09 2008 -0500
>@@ -64,6 +64,7 @@ class HTTPInstance(service.Service):
>
> self.step("disabling mod_ssl in httpd", self.__disable_mod_ssl)
> self.step("Setting mod_nss port to 443", self.__set_mod_nss_port)
>+ self.step("Adding URL rewriting rules", self.__add_include)
> self.step("configuring httpd", self.__configure_http)
> self.step("creating a keytab for httpd", self.__create_http_keytab)
> self.step("Setting up ssl", self.__setup_ssl)
>@@ -122,8 +123,13 @@ class HTTPInstance(service.Service):
> sysrestore.backup_file("/etc/httpd/conf.d/ipa.conf")
> http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
> http_fd.write(http_txt)
>- http_fd.close()
>-
>+ http_fd.close()
>+
>+ http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict)
>+ sysrestore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf")
>+ http_fd = open("/etc/httpd/conf.d/ipa-rewrite.conf", "w")
>+ http_fd.write(http_txt)
>+ http_fd.close()
>
> def __disable_mod_ssl(self):
> if os.path.exists(SSL_CONF):
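Review bot: The new `ipa-rewrite.conf` write in the `@@ -122,8 +123,13 @@` hunk repeats the bare open/write/close sequence used for `ipa.conf` just above it, with no `try`/`finally`. An exception raised by `write` would leave the descriptor open and a truncated file in `conf.d`, which httpd would then presumably pick up. Guarding it as `try: http_fd.write(http_txt)` / `finally: http_fd.close()`, or moving both writes into one small private helper, would remove both the duplication and the leak. The enclosing method starts outside the hunk.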
>@@ -133,7 +139,12 @@ class HTTPInstance(service.Service):
> def __set_mod_nss_port(self):
> sysrestore.backup_file(NSS_CONF)
> if installutils.update_file(NSS_CONF, '8443', '443') != 0:
>- print "Updating %s failed." % NSS_CONF
>+ print "Updating port in %s failed." % NSS_CONF
>+
>+ def __add_include(self):
>+ """This should run after __set_mod_nss_port so is already backed up"""
>+ if installutils.update_file(NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
>+ print "Adding Include conf.d/ipa-rewrite to %s failed." % NSS_CONF
>
> def __setup_ssl(self):
> ds_ca = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(self.realm)))
>diff -r ab47ea0b9937 -r 34ac14e64798 ipa-server/xmlrpc-server/Makefile.am
>--- a/ipa-server/xmlrpc-server/Makefile.am Thu Feb 21 16:11:42 2008 -0500
>+++ b/ipa-server/xmlrpc-server/Makefile.am Thu Feb 21 16:25:09 2008 -0500
>@@ -24,6 +24,7 @@ appdir = $(IPA_DATA_DIR)
> appdir = $(IPA_DATA_DIR)
> app_DATA = \
> ipa.conf \
>+ ipa-rewrite.conf \
> $(NULL)
>
> EXTRA_DIST = \
>diff -r ab47ea0b9937 -r 34ac14e64798 ipa-server/xmlrpc-server/ipa-rewrite.conf
>--- /dev/null Thu Jan 01 00:00:00 1970 +0000
>+++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf Thu Feb 21 16:25:09 2008 -0500
>@@ -0,0 +1,12 @@
>+RewriteEngine on
>+
>+# Redirect to the fully-qualified hostname. Not redirecting to secure
>+# port so configuration files can be retrieved without requiring SSL.
>+RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC]
>+RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301]
>+
>+# Redirect to the secure port if not displaying an error or retrieving
>+# configuration.
>+RewriteCond %{SERVER_PORT} !^443$$
>+RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico)
>+RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC]
>diff -r ab47ea0b9937 -r 34ac14e64798 ipa-server/xmlrpc-server/ipa.conf
>--- a/ipa-server/xmlrpc-server/ipa.conf Thu Feb 21 16:11:42 2008 -0500
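Review bot: `__add_include` in the `@@ -133,7 +139,12 @@` hunk rewrites `</VirtualHost>` without first checking whether the `Include` line is already present, so a repeated install would presumably stack duplicate includes. It may also touch every virtual host in the file, though how `installutils.update_file` treats multiple matches is not visible here. A non-zero return is only printed and the install carries on, which leaves the SSL virtual host without the redirect this change exists to add; treating it as an installation error would be safer. The step is also registered before "configuring httpd", so nss.conf refers to `conf.d/ipa-rewrite.conf` before the write in the `@@ -122,8 +123,13 @@` hunk has created it. The docstring could state the ordering requirement directly, e.g. `"""Add the ipa-rewrite.conf Include to the mod_nss virtual host; must run after __set_mod_nss_port, which backs up NSS_CONF."""`; `__setup_ssl`, shown as context, continues outside the hunk.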
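Review bot: The first rule in the new ipa-rewrite.conf redirects a wrong-host request to `http://$FQDN/…` even when it arrived on port 443. Now that the file is also included in the mod_nss virtual host, such a request drops to cleartext for one hop before the second rule sends it back to HTTPS. That hop puts the path and query string on the wire unencrypted and hands an on-path party a plain-HTTP response to tamper with. When `%{SERVER_PORT}` is 443 the host-name redirect should go straight to HTTPS, for example by placing `RewriteCond %{SERVER_PORT} ^443$$`, `RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC]` and `RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301]` ahead of the existing pair. Separately, `$FQDN` is substituted unescaped into the `RewriteCond` pattern, so each dot matches any character; escaping the dots at template time would make the host comparison exact.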
>+++ b/ipa-server/xmlrpc-server/ipa.conf Thu Feb 21 16:25:09 2008 -0500
>@@ -2,18 +2,7 @@
>
> ProxyRequests Off
>
>-RewriteEngine on
>-
>-# Redirect to the fully-qualified hostname. Not redirecting to secure
>-# port so configuration files can be retrieved without requiring SSL.
>-RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC]
>-RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301]
>-
>-# Redirect to the secure port if not displaying an error or retrieving
>-# configuration.
>-RewriteCond %{SERVER_PORT} !^443$$
>-RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico)
>-RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC]
>+# ipa-rewrite.conf is loaded separately
>
> # This is required so the auto-configuration works with Firefox 2+
> AddType application/java-archive jar