[Freeipa-devel] SSL
Rob Crittenden
rcritten at redhat.com
Thu Jul 12 19:19:14 UTC 2007
Karl MacMillan wrote:
> On Thu, 2007-07-12 at 14:35 -0400, Simo Sorce wrote:
>> On Thu, 2007-07-12 at 14:34 -0400, Karl MacMillan wrote:
>>> On Thu, 2007-07-12 at 14:31 -0400, Simo Sorce wrote:
>>>> On Thu, 2007-07-12 at 11:34 -0400, Rob Crittenden wrote:
>>>>
>>>>> I think we need to revisit the resistance to Apache here. It already
>>>>> provides kerberos authentication with ticket forwarding. It seems like
>>>>> reinventing the wheel doing it in Python instead. koji/brew use Apache
>>>>> as the front-end and it seems to work ok.
>>>> If you can come up with a simple way to drop a configuration file in the
>>>> apache dir that does all we need (simply doing a service httpd restart)
>>>> then I think using apache may make sense.
>>>> I don't think people will use the same box to store identities and to
>>>> serve casual HTTP content anyway :)
>>>>
>>> That's fine with me - and we already require it for the DS admin server.
>>> And since we were planning on taking over port 80 with some server I
>>> don't think people could use the box for web serving anyway.
>> You mean 443 here, right? :-)
>>
>
> Oops.
>
>>> What about the xml-rpc layer though?
>> What about it?
>>
>
> Will it also go through apache?
>
This is the layer I want to put behind Apache so I can inherit the
Kerberos auth capability. This is what koji/brew does and it seems to
work ok for them. I just need to see if I have access to the forwardable
ticket via mod_python. I think it works but I want to see it.
rob