[Freeipa-devel] [PATCH] make testing easier
Rob Crittenden
rcritten at redhat.com
Tue Sep 25 13:34:45 UTC 2007
Rob Crittenden wrote:
> Simo is having problems with his Apache server seemingly not doing
> ticket forwarding but only for mod_python. In trying to help him
> diagnose this it became very apparent that even this low-level testing
> was difficult to setup.
>
> I've redone ipa.conf to not require Kerberos for the / but instead just
> target it for the things we use (plus /cgi-bin for good measure).
>
> I've added a new uri, /ipatest, that is shipped commented out but can be
> used for this and any future basic testing needs.
>
> I also include a simple CGI and a simple mod_python script that uses
> python-ldap to do a GSSAPI LDAP connection similar to what we do in IPA.
>
> Please consider this carefully. I'm a little nervous about the ipa.conf
> changes but they were necessary because for some reason curl choked when
> I had <Location /> protected by Kerberos (either a bug in Apache or curl
> or both, but regardless testing was impossibe).
>
> The only risk is that we (or someone) adds a new URI to do work and it
> ends up not being protected by Kerberos. A small risk but a real one.
>
Hmm, found an issue with the Apache configuration. Still review the
patch but not ready for commit.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070925/44d7393b/attachment.bin>
More information about the Freeipa-devel
mailing list