[Freeipa-devel] [PATCH] make testing easier
Rob Crittenden
rcritten at redhat.com
Tue Sep 25 13:12:09 UTC 2007
Simo is having problems with his Apache server seemingly not doing
ticket forwarding but only for mod_python. In trying to help him
diagnose this it became very apparent that even this low-level testing
was difficult to setup.
I've redone ipa.conf to not require Kerberos for the / but instead just
target it for the things we use (plus /cgi-bin for good measure).
I've added a new uri, /ipatest, that is shipped commented out but can be
used for this and any future basic testing needs.
I also include a simple CGI and a simple mod_python script that uses
python-ldap to do a GSSAPI LDAP connection similar to what we do in IPA.
Please consider this carefully. I'm a little nervous about the ipa.conf
changes but they were necessary because for some reason curl choked when
I had <Location /> protected by Kerberos (either a bug in Apache or curl
or both, but regardless testing was impossibe).
The only risk is that we (or someone) adds a new URI to do work and it
ends up not being protected by Kerberos. A small risk but a real one.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-216-testing.patch
Type: text/x-patch
Size: 8976 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070925/5d546624/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070925/5d546624/attachment-0001.bin>
More information about the Freeipa-devel
mailing list