|
267 | 267 | 'passenger_app_log_file' => '/tmp/app.log', |
268 | 268 | 'passenger_debugger' => false, |
269 | 269 | 'gssapi' => { |
270 | | - 'basicauth' => 'On', |
271 | | - 'credstore' => 'keytab:/foo/bar.keytab', |
272 | | - 'localname' => 'On', |
273 | | - 'sslonly' => 'Off', |
| 270 | + 'acceptor_name' => '{HOSTNAME}', |
| 271 | + 'allowed_mech' => ['krb5', 'iakerb', 'ntlmssp'], |
| 272 | + 'basic_auth' => true, |
| 273 | + 'basic_auth_mech' => ['krb5', 'iakerb', 'ntlmssp'], |
| 274 | + 'basic_ticket_timeout' => 300, |
| 275 | + 'connection_bound' => true, |
| 276 | + 'cred_store' => { |
| 277 | + 'ccache' => ['/path/to/directory'], |
| 278 | + 'client_keytab' => ['/path/to/example.keytab'], |
| 279 | + 'keytab' => ['/path/to/example.keytab'], |
| 280 | + }, |
| 281 | + 'deleg_ccache_dir' => '/path/to/directory', |
| 282 | + 'deleg_ccache_env_var' => 'KRB5CCNAME', |
| 283 | + 'deleg_ccache_perms' => { |
| 284 | + 'mode' => '0600', |
| 285 | + 'uid' => 'example-user', |
| 286 | + 'gid' => 'example-group', |
| 287 | + }, |
| 288 | + 'deleg_ccache_unique' => true, |
| 289 | + 'impersonate' => true, |
| 290 | + 'local_name' => true, |
| 291 | + 'name_attributes' => 'json', |
| 292 | + 'negotiate_once' => true, |
| 293 | + 'publish_errors' => true, |
| 294 | + 'publish_mech' => true, |
| 295 | + 'required_name_attributes' => 'auth-indicators=high', |
| 296 | + 'session_key' => 'file:/path/to/example.key', |
| 297 | + 'signal_persistent_auth' => true, |
| 298 | + 'ssl_only' => true, |
| 299 | + 'use_s4u2_proxy' => true, |
| 300 | + 'use_sessions' => true, |
274 | 301 | }, |
275 | 302 | }, |
276 | 303 | { |
|
971 | 998 | content: %r{^\s+PassengerDebugger\sOff$}, |
972 | 999 | ) |
973 | 1000 | } |
| 1001 | + it { |
| 1002 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1003 | + content: %r{^\s+GssapiAcceptorName\s{HOSTNAME}$}, |
| 1004 | + ) |
| 1005 | + } |
| 1006 | + it { |
| 1007 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1008 | + content: %r{^\s+GssapiAllowedMech\skrb5$}, |
| 1009 | + ) |
| 1010 | + } |
| 1011 | + it { |
| 1012 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1013 | + content: %r{^\s+GssapiAllowedMech\siakerb$}, |
| 1014 | + ) |
| 1015 | + } |
| 1016 | + it { |
| 1017 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1018 | + content: %r{^\s+GssapiAllowedMech\sntlmssp$}, |
| 1019 | + ) |
| 1020 | + } |
974 | 1021 | it { |
975 | 1022 | is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
976 | 1023 | content: %r{^\s+GssapiBasicAuth\sOn$}, |
977 | 1024 | ) |
978 | 1025 | } |
979 | 1026 | it { |
980 | 1027 | is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
981 | | - content: %r{^\s+GssapiCredStore\skeytab:/foo/bar.keytab$}, |
| 1028 | + content: %r{^\s+GssapiBasicAuthMech\skrb5$}, |
| 1029 | + ) |
| 1030 | + } |
| 1031 | + it { |
| 1032 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1033 | + content: %r{^\s+GssapiBasicAuthMech\siakerb$}, |
| 1034 | + ) |
| 1035 | + } |
| 1036 | + it { |
| 1037 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1038 | + content: %r{^\s+GssapiBasicAuthMech\sntlmssp$}, |
| 1039 | + ) |
| 1040 | + } |
| 1041 | + it { |
| 1042 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1043 | + content: %r{^\s+GssapiBasicTicketTimeout\s300$}, |
| 1044 | + ) |
| 1045 | + } |
| 1046 | + it { |
| 1047 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1048 | + content: %r{^\s+GssapiConnectionBound\sOn$}, |
| 1049 | + ) |
| 1050 | + } |
| 1051 | + it { |
| 1052 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1053 | + content: %r{^\s+GssapiCredStore\sccache:FILE:/path/to/directory$}, |
| 1054 | + ) |
| 1055 | + } |
| 1056 | + it { |
| 1057 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1058 | + content: %r{^\s+GssapiCredStore\sclient_keytab:/path/to/example\.keytab$}, |
| 1059 | + ) |
| 1060 | + } |
| 1061 | + it { |
| 1062 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1063 | + content: %r{^\s+GssapiCredStore\skeytab:/path/to/example\.keytab$}, |
| 1064 | + ) |
| 1065 | + } |
| 1066 | + it { |
| 1067 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1068 | + content: %r{^\s+GssapiDelegCcacheDir\s/path/to/directory$}, |
| 1069 | + ) |
| 1070 | + } |
| 1071 | + it { |
| 1072 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1073 | + content: %r{^\s+GssapiDelegCcacheEnvVar\sKRB5CCNAME$}, |
| 1074 | + ) |
| 1075 | + } |
| 1076 | + it { |
| 1077 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1078 | + content: %r{^\s+GssapiDelegCcachePerms\smode:0600\suid:example-user\sgid:example-group$}, |
982 | 1079 | ) |
983 | 1080 | } |
984 | 1081 | it { |
985 | 1082 | is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
986 | | - content: %r{^\s+GssapiSSLonly\sOff$}, |
| 1083 | + content: %r{^\s+GssapiDelegCcacheUnique\sOn$}, |
| 1084 | + ) |
| 1085 | + } |
| 1086 | + it { |
| 1087 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1088 | + content: %r{^\s+GssapiImpersonate\sOn$}, |
987 | 1089 | ) |
988 | 1090 | } |
989 | 1091 | it { |
990 | 1092 | is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
991 | 1093 | content: %r{^\s+GssapiLocalName\sOn$}, |
992 | 1094 | ) |
993 | 1095 | } |
| 1096 | + it { |
| 1097 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1098 | + content: %r{^\s+GssapiNameAttributes\sjson$}, |
| 1099 | + ) |
| 1100 | + } |
| 1101 | + it { |
| 1102 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1103 | + content: %r{^\s+GssapiNegotiateOnce\sOn$}, |
| 1104 | + ) |
| 1105 | + } |
| 1106 | + it { |
| 1107 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1108 | + content: %r{^\s+GssapiPublishErrors\sOn$}, |
| 1109 | + ) |
| 1110 | + } |
| 1111 | + it { |
| 1112 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1113 | + content: %r{^\s+GssapiPublishMech\sOn$}, |
| 1114 | + ) |
| 1115 | + } |
| 1116 | + it { |
| 1117 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1118 | + content: %r{^\s+GssapiRequiredNameAttributes\s"auth-indicators=high"$}, |
| 1119 | + ) |
| 1120 | + } |
| 1121 | + it { |
| 1122 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1123 | + content: %r{^\s+GssapiSessionKey\sfile:/path/to/example\.key$}, |
| 1124 | + ) |
| 1125 | + } |
| 1126 | + it { |
| 1127 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1128 | + content: %r{^\s+GssapiSignalPersistentAuth\sOn$}, |
| 1129 | + ) |
| 1130 | + } |
| 1131 | + it { |
| 1132 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1133 | + content: %r{^\s+GssapiSSLonly\sOn$}, |
| 1134 | + ) |
| 1135 | + } |
| 1136 | + it { |
| 1137 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1138 | + content: %r{^\s+GssapiUseS4U2Proxy\sOn$}, |
| 1139 | + ) |
| 1140 | + } |
| 1141 | + it { |
| 1142 | + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
| 1143 | + content: %r{^\s+GssapiUseSessions\sOn$}, |
| 1144 | + ) |
| 1145 | + } |
994 | 1146 | it { |
995 | 1147 | is_expected.to contain_concat__fragment('rspec.example.com-directories').with( |
996 | 1148 | content: %r{^\s+SSLVerifyClient\soptional$}, |
|
0 commit comments