Commit a5b6f7eb authored by Aurelien Campeas

[doc] cleanups, fixes & complements

parent 61dcb1a90207
......@@ -148,12 +148,6 @@ Il faut ajouter un "service principal" pour le serveur web::
Re-enter password for principal "HTTP/toto.logilab.fr@PLUK.FR":
Principal "HTTP/toto.logilab.fr@PLUK.FR" created.
kadmin: ktadd -k /etc/krb5.keytab HTTP/toto.logilab.fr
Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal HTTP/toto.logilab.fr with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
kadmin: ktadd -k /etc/apache2/apache.keytab HTTP/toto.logilab.fr
Entry for principal HTTP/toto.logilab.fr with kvno 4, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache.keytab.
Entry for principal HTTP/toto.logilab.fr with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache.keytab.
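Review bot: the ktadd sample output in this hunk shows HTTP/toto.logilab.fr exported twice, at kvno 2 into /etc/krb5.keytab and at kvno 4 into /etc/apache2/apache.keytab. ktadd generates new keys for the principal on every export, so a keytab written by an earlier run no longer matches the KDC; the doc should keep a single ktadd and say which file Apache reads. The listed entries also include ArcFour with HMAC/md5 and, for /etc/krb5.keytab, Triple DES and DES cbc with CRC-32. For whatever output stays in the doc, consider restricting the export to AES with ktadd's -e option (for example `-e aes256-cts-hmac-sha1-96:normal`) and adding a sentence that the keytab must be readable only by the Apache user.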
......@@ -192,7 +186,8 @@ Commandes::
Il faut éditer la configuration d'un certain nombre de modules.
Contenu de /etc/apache2/mods-enabled/proxy.conf (à revoir de près)::
Contenu de /etc/apache2/mods-enabled/proxy.conf (aspect sécurité à
revoir de près)::
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
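Review bot: the reworded caveat on the proxy.conf heading ("aspect sécurité à revoir de près") still does not tell the reader what to check. The context comment right below already names the risk (ProxyRequests on together with proxying allowed from all), so the heading could state the expected result directly: ProxyRequests stays Off for this reverse-proxy setup and access is limited to what the instance needs. A "to be reviewed" marker in an installation guide tends to be copied as-is along with the config.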
......@@ -248,13 +243,18 @@ Dans /etc/apache2/sites-available/cw-kerberos::
<Location />
AuthType Kerberos
AuthName "Cubicweb Myinstance"
# either use the KDC or keytabs
KrbVerifyKDC On
# Krb5Keytab /etc/apache2/apache.keytab
# turning it on can help debugging
KrbMethodK5Passwd Off
KrbServiceName HTTP/toto.logilab.fr@PLUK.FR
KrbMethodNegotiate On
KrbAuthRealms PLUK.FR
Require valid-user
RequestHeader set X_REMOTE_USER %{remoteUser}e
RequestHeader set X-REMOTE-USER %{remoteUser}e
</Location>
RewriteEngine On
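Review bot: the comment `# either use the KDC or keytabs` above `KrbVerifyKDC On` and the commented-out `Krb5Keytab` line presents the two as alternatives, but in mod_auth_kerb KrbVerifyKDC checks the KDC's answer against the local keytab, and Negotiate needs the service key from a keytab in any case. Suggest keeping `Krb5Keytab /etc/apache2/apache.keytab` active next to `KrbVerifyKDC On` and rewording the comment accordingly. The comment `# turning it on can help debugging` should also name the directive it refers to (KrbMethodK5Passwd), since it sits several lines below the keytab comments. For the header rename, a sentence that the application port must only be reachable through this proxy would help, because `RequestHeader set` overwrites only the X-REMOTE-USER spelling of a client-supplied header.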
......@@ -279,6 +279,8 @@ valeurs raisonnables pour certains champs::
https-url=https://toto.logilab.fr
base-url=http://toto.logilab.fr
Démarrer l'instance en mode debug (``-l debug``) fournira suffisamment
d'information pour identifier où ça se passe mal.
Configuration Navigateur
------------------------
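Review bot: the added sentence cites ``-l debug`` without the command it is passed to, and "où ça se passe mal" does not say what to look for in the output. Suggest showing the full command line in a literal block and naming the log lines that indicate whether the X-REMOTE-USER header reached the instance. Since this paragraph follows the literal block with https-url and base-url, check that a blank line and a return to the outer indentation separate them, otherwise reST will render the sentence as part of the block.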
......