summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrian m. carlson <sandals@crustytoothpaste.net>2021-08-13 13:06:18 +0000
committerbrian m. carlson <sandals@crustytoothpaste.net>2021-08-13 13:06:18 +0000
commitad34d97f13ee72188e1dc3b8bb2663989e1c10b9 (patch)
tree4f0a5ef58c94e82dca1053c6ab08360a4001285f
parent9024e920b1ba7a68b766abca41a28cdd75a648ec (diff)
role/http: use mod_auth_gssapi
In bullseye, mod_auth_kerb is going away, so switch to mod_auth_gssapi. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
-rw-r--r--modules/crustytoothpaste/manifests/role/http.pp2
-rw-r--r--modules/crustytoothpaste/templates/role/http/website/site.erb9
2 files changed, 5 insertions, 6 deletions
diff --git a/modules/crustytoothpaste/manifests/role/http.pp b/modules/crustytoothpaste/manifests/role/http.pp
index c290b8d..675f8e8 100644
--- a/modules/crustytoothpaste/manifests/role/http.pp
+++ b/modules/crustytoothpaste/manifests/role/http.pp
@@ -44,7 +44,7 @@ class crustytoothpaste::role::http::user {
class crustytoothpaste::role::http::authenticated {
include crustytoothpaste::role::http
- package { 'libapache2-mod-auth-kerb':
+ package { 'libapache2-mod-auth-gssapi':
require => Exec['apt-update'],
ensure => installed,
notify => Service['apache2'],
diff --git a/modules/crustytoothpaste/templates/role/http/website/site.erb b/modules/crustytoothpaste/templates/role/http/website/site.erb
index 0e7d076..d24c8be 100644
--- a/modules/crustytoothpaste/templates/role/http/website/site.erb
+++ b/modules/crustytoothpaste/templates/role/http/website/site.erb
@@ -11,12 +11,11 @@
kerberos = if security['realm']
<<-EOM.gsub(/^[ \t]+/, ' ')
- AuthType Kerberos
+ AuthType GSSAPI
AuthName "Kerberos Login"
- KrbMethodNegotiate on
- KrbMethodK5Passwd off
- KrbAuthRealms #{security['realm']}
- Krb5Keytab /etc/krb5.apache.keytab
+ GssapiBasicAuth off
+ GssapiAllowedMech krb5
+ GssapiCredStore keytab:/etc/krb5.apache.keytab
EOM
else
''