ServerRoot "${HTTPROOT}"
ServerName "${HTTPNAME}"
Listen ${HTTPADDR}:${HTTPPORT}
+Listen ${HTTPADDR}:${PROXYPORT}
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule version_module modules/mod_version.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule auth_gssapi_module mod_auth_gssapi.so
Require valid-user
</Location>
+<VirtualHost *:${PROXYPORT}>
+ ProxyRequests On
+ ProxyVia On
+
+ <Proxy *>
+ AuthType GSSAPI
+ AuthName "Proxy Login"
+ GssapiCredStore ccache:${HTTPROOT}/tmp/httpd_krb5_ccache
+ GssapiCredStore client_keytab:${HTTPROOT}/http.keytab
+ GssapiCredStore keytab:${HTTPROOT}/http.keytab
+ GssapiBasicAuth On
+ Require valid-user
+ </Proxy>
+</VirtualHost>
WRAP_HOSTNAME = "kdc.mag.dev"
WRAP_IPADDR = '127.0.0.9'
+WRAP_HTTP_PORT = '80'
+WRAP_PROXY_PORT = '8080'
def setup_wrappers(base):
wenv = {'LD_PRELOAD': 'libsocket_wrapper.so libnss_wrapper.so',
'SOCKET_WRAPPER_DIR': wrapdir,
'SOCKET_WRAPPER_DEFAULT_IFACE': '9',
+ 'WRAP_PROXY_PORT': WRAP_PROXY_PORT,
'NSS_WRAPPER_HOSTNAME': WRAP_HOSTNAME,
'NSS_WRAPPER_HOSTS': hosts_file}
text = t.substitute({'HTTPROOT': httpdir,
'HTTPNAME': WRAP_HOSTNAME,
'HTTPADDR': WRAP_IPADDR,
- 'HTTPPORT': '80'})
+ 'PROXYPORT': WRAP_PROXY_PORT,
+ 'HTTPPORT': WRAP_HTTP_PORT})
config = os.path.join(httpdir, 'httpd.conf')
with open(config, 'w+') as f:
f.write(text)
else:
sys.stderr.write('BASIC-AUTH Two Users: SUCCESS\n')
+ with (open(testlog, 'a')) as logfile:
+ basick5 = subprocess.Popen(["tests/t_basic_proxy.py"],
+ stdout=logfile, stderr=logfile,
+ env=testenv, preexec_fn=os.setsid)
+ basick5.wait()
+ if basick5.returncode != 0:
+ sys.stderr.write('BASIC Proxy Auth: FAILED\n')
+ else:
+ sys.stderr.write('BASIC Proxy Auth: SUCCESS\n')
+
if __name__ == '__main__':
--- /dev/null
+#!/usr/bin/python
+# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
+
+import os
+import requests
+from requests.auth import HTTPBasicAuth
+
+
+if __name__ == '__main__':
+ proxy = 'http://%s:%s@%s:%s' % (os.environ['MAG_USER_NAME'],
+ os.environ['MAG_USER_PASSWORD'],
+ os.environ['NSS_WRAPPER_HOSTNAME'],
+ os.environ['WRAP_PROXY_PORT'])
+ proxies = { "http": proxy, }
+ url = 'http://%s/basic_auth_krb5/' % os.environ['NSS_WRAPPER_HOSTNAME']
+ r = requests.get(url, proxies=proxies,
+ auth=HTTPBasicAuth(os.environ['MAG_USER_NAME_2'],
+ os.environ['MAG_USER_PASSWORD_2']))
+ if r.status_code != 200:
+ raise ValueError('Basic Proxy Auth Failed')