[doc] cleanups, fixes & complements

a5b6f7eb · Aurelien Campeas · 61dcb1a90207 · 79bfa649
Commit a5b6f7eb authored Aug 04, 2010 by Aurelien Campeas
--- a/wdoc/setup_fr
+++ b/wdoc/setup_fr
@@ -148,12 +148,6 @@ Il faut ajouter un "service principal" pour le serveur web::
 Re-enter password for principal "HTTP/toto.logilab.fr@PLUK.FR": 
 Principal "HTTP/toto.logilab.fr@PLUK.FR" created.

- kadmin:  ktadd -k /etc/krb5.keytab HTTP/toto.logilab.fr
- Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
-
 kadmin:  ktadd -k /etc/apache2/apache.keytab HTTP/toto.logilab.fr
 Entry for principal HTTP/toto.logilab.fr with kvno 4, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache.keytab.
 Entry for principal HTTP/toto.logilab.fr with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache.keytab.
@@ -192,7 +186,8 @@ Commandes::

 Il faut éditer la configuration d'un certain nombre de modules.

-Contenu de /etc/apache2/mods-enabled/proxy.conf (à revoir de près)::
+Contenu de /etc/apache2/mods-enabled/proxy.conf (aspect sécurité à
+revoir de près)::

 <IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
@@ -248,13 +243,18 @@ Dans /etc/apache2/sites-available/cw-kerberos::
    <Location />
        AuthType Kerberos
        AuthName "Cubicweb Myinstance"
+        # either use the KDC or keytabs
        KrbVerifyKDC On
+        # Krb5Keytab /etc/apache2/apache.keytab
+
+        # turning it on can help debugging
        KrbMethodK5Passwd Off
+
        KrbServiceName HTTP/toto.logilab.fr@PLUK.FR
        KrbMethodNegotiate On
        KrbAuthRealms PLUK.FR
        Require valid-user
-        RequestHeader set X_REMOTE_USER %{remoteUser}e
+        RequestHeader set X-REMOTE-USER %{remoteUser}e
    </Location>

    RewriteEngine On
@@ -279,6 +279,8 @@ valeurs raisonnables pour certains champs::
  https-url=https://toto.logilab.fr
  base-url=http://toto.logilab.fr

+Démarrer l'instance en mode debug (``-l debug``) fournira suffisamment
+d'information pour identifier où ça se passe mal.

 Configuration Navigateur
 ------------------------