[Freeipa-devel] [PATCH] make testing easier
Karl MacMillan
kmacmill at redhat.com
Thu Sep 27 14:41:19 UTC 2007
On Thu, 2007-09-27 at 10:06 -0400, Rob Crittenden wrote:
> Karl MacMillan wrote:
> > On Tue, 2007-09-25 at 09:12 -0400, Rob Crittenden wrote:
> >> Simo is having problems with his Apache server seemingly not doing
> >> ticket forwarding but only for mod_python. In trying to help him
> >> diagnose this it became very apparent that even this low-level testing
> >> was difficult to setup.
> >>
> >> I've redone ipa.conf to not require Kerberos for the / but instead just
> >> target it for the things we use (plus /cgi-bin for good measure).
> >>
> >
> > Is this the right approach or should we have specific urls for testing /
> > error. I don't think I understand the changes well enough to assess the
> > risks.
>
> I don't understand. Isn't /ipatest a specific url for testing? I was
> thinking this would be disabled by default.
>
> We need a specific url for errors because it needs to be unauthenticated
> (so the user has a place to go on the same machine if their auth fails).
>
That was my understanding from the patch, but you mentioned that / would
not be authenticated and that posed some risk. I was trying to
understand that portion of your comments.
Karl
More information about the Freeipa-devel
mailing list