From 7267ca1518e6de0b7fbc680b24f562c3cf0cc598 Mon Sep 17 00:00:00 2001 From: Oliver Freyermuth Date: Tue, 8 Feb 2022 14:03:39 +0100 Subject: [PATCH 1/2] mod_auth_gssapi: Add support for GssapiBasicAuth. This adds support for the GssapiBasicAuth setting which allows to fall back to basic auth if NEGOTIATE fails. --- manifests/vhost.pp | 1 + spec/defines/vhost_spec.rb | 6 ++++++ templates/vhost/_gssapi.epp | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 1ad825fa11..49c0a83eb4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -1509,6 +1509,7 @@ # directories => [ # { path => '/path/to/different/dir', # gssapi => { +# basicauth => 'On', # credstore => 'keytab:/foo/bar.keytab', # localname => 'Off', # sslonly => 'On', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 730e9e0bfa..c92d96b2ef 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -252,6 +252,7 @@ 'passenger_app_log_file' => '/tmp/app.log', 'passenger_debugger' => false, 'gssapi' => { + 'basicauth' => 'On', 'credstore' => 'keytab:/foo/bar.keytab', 'localname' => 'On', 'sslonly' => 'Off', @@ -943,6 +944,11 @@ content: %r{^\s+PassengerDebugger\sOff$}, ) } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+GssapiBasicAuth\sOn$}, + ) + } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( content: %r{^\s+GssapiCredStore\skeytab:/foo/bar.keytab$}, diff --git a/templates/vhost/_gssapi.epp b/templates/vhost/_gssapi.epp index 4f2d9f9114..991c9d51d2 100644 --- a/templates/vhost/_gssapi.epp +++ b/templates/vhost/_gssapi.epp @@ -1,10 +1,14 @@ <%| # https://github.com/gssapi/mod_auth_gssapi + Optional[Enum['On','Off']] $basicauth = undef, Optional[String[1]] $credstore = undef, Optional[Enum['On','Off']] $sslonly = undef, Optional[Enum['On','Off']] $localname = undef, |%> # mod_auth_gssapi configuration +<% if $basicauth { -%> + GssapiBasicAuth <%= $basicauth %> +<% } -%> <% if $sslonly { -%> GssapiSSLonly <%= $sslonly %> <% } -%> From c8a2f246ecd0e862c1c0011d0a243c00f3b96a83 Mon Sep 17 00:00:00 2001 From: Oliver Freyermuth Date: Tue, 8 Feb 2022 14:56:42 +0100 Subject: [PATCH 2/2] mod_auth_gssapi: Improve indentation in vhost/_gssapi template. --- templates/vhost/_gssapi.epp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_gssapi.epp b/templates/vhost/_gssapi.epp index 991c9d51d2..789e90595b 100644 --- a/templates/vhost/_gssapi.epp +++ b/templates/vhost/_gssapi.epp @@ -5,7 +5,7 @@ Optional[Enum['On','Off']] $sslonly = undef, Optional[Enum['On','Off']] $localname = undef, |%> -# mod_auth_gssapi configuration + # mod_auth_gssapi configuration <% if $basicauth { -%> GssapiBasicAuth <%= $basicauth %> <% } -%>