LoadModule userdir_module modules/mod_userdir.so
LoadModule version_module modules/mod_version.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
-
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule auth_gssapi_module mod_auth_gssapi.so
<Directory />
+ Options +Includes
+ AddOutputFilter INCLUDES .html
AllowOverride none
Require all denied
</Directory>
CoreDumpDirectory /tmp
+
<Location /spnego>
AuthType GSSAPI
AuthName "Login"
</Location>
<Location /basic_auth_krb5>
+ Options +Includes
+ AddOutputFilter INCLUDES .html
AuthType GSSAPI
AuthName "Password Login"
GssapiSSLonly Off
GssapiCredStore keytab:${HTTPROOT}/http.keytab
GssapiBasicAuth On
GssapiBasicAuthMech krb5
+ GssapiConnectionBound On
Require valid-user
</Location>
}
[domain_realm]
- .mag.dev = MAG.DEV
- mag.dev = MAG.DEV
+ .mag.dev = ${TESTREALM}
+ mag.dev = ${TESTREALM}
[dbmodules]
${TESTREALM} = {
USR_NAME = "maguser"
USR_PWD = "magpwd"
+USR_NAME_2 = "maguser2"
+USR_PWD_2 = "magpwd2"
SVC_KTNAME = "httpd/http.keytab"
KEY_TYPE = "aes256-cts-hmac-sha1-96:normal"
with (open(testlog, 'a')) as logfile:
kadmin_local(cmd, env, logfile)
+ cmd = "addprinc -pw %s -e %s %s" % (USR_PWD_2, KEY_TYPE, USR_NAME_2)
+ with (open(testlog, 'a')) as logfile:
+ kadmin_local(cmd, env, logfile)
+
keys_env = { "KRB5_KTNAME": svc_keytab }
keys_env.update(env)
else:
sys.stderr.write('BASIC-AUTH: SUCCESS\n')
+ with (open(testlog, 'a')) as logfile:
+ basick5 = subprocess.Popen(["tests/t_basic_k5_two_users.py"],
+ stdout=logfile, stderr=logfile,
+ env=testenv, preexec_fn=os.setsid)
+ basick5.wait()
+ if basick5.returncode != 0:
+ sys.stderr.write('BASIC-AUTH Two Users: FAILED\n')
+ else:
+ sys.stderr.write('BASIC-AUTH Two Users: SUCCESS\n')
+
if __name__ == '__main__':
testenv = {'MAG_USER_NAME': USR_NAME,
- 'MAG_USER_PASSWORD': USR_PWD}
+ 'MAG_USER_PASSWORD': USR_PWD,
+ 'MAG_USER_NAME_2': USR_NAME_2,
+ 'MAG_USER_PASSWORD_2': USR_PWD_2}
testenv.update(kdcenv)
test_basic_auth_krb5(testdir, testenv, testlog)
--- /dev/null
+#!/usr/bin/python
+# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
+
+import os
+import requests
+from requests.auth import HTTPBasicAuth
+
+
+if __name__ == '__main__':
+ s = requests.Session()
+
+ url = 'http://%s:%s@%s/basic_auth_krb5/' % (os.environ['MAG_USER_NAME'],
+ os.environ['MAG_USER_PASSWORD'],
+ os.environ['NSS_WRAPPER_HOSTNAME'])
+ r = s.get(url)
+ if r.status_code != 200:
+ raise ValueError('Basic Auth Failed')
+
+ url = 'http://%s:%s@%s/basic_auth_krb5/' % (os.environ['MAG_USER_NAME_2'],
+ os.environ['MAG_USER_PASSWORD_2'],
+ os.environ['NSS_WRAPPER_HOSTNAME'])
+ r2 = s.get(url)
+ if r2.status_code != 200:
+ raise ValueError('Basic Auth failed')
+
+ if r.text == r2.text:
+ raise ValueError('Basic Auth fatal error')