diary/apache_diary.conf

# SPDX-License-Identifier: Apache-2.0
# Copyright (C) 2021 OKTET Labs Ltd. All rights reserved.

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<Directory *>
	# Allows the request only if both requirements are met (auth AND access)
	Satisfy All

	# GSSAPI authentication module configuration
	AuthType GSSAPI
	AuthName "Private access"
	GssapiCredStore keytab:/etc/apache2/web.keytab
	# Connection MUST be established over TLS
	GssapiSSLonly Off
	# Kerberos5 is the only allowed mechanism
	GssapiAllowedMech krb5
	# Allow to use basic authentication with Kerberos5 mechanism
	GssapiBasicAuth On
	GssapiBasicAuthMech krb5
	# Enable negotiate once since it is intended for password-only auth
	GssapiNegotiateOnce On
	# Suppress negotiation for 'reviewboard' and 'safari'
	BrowserMatch reviewboard safari gssapi-no-negotiate
	# ???
	GssapiLocalName On

	Options FollowSymLinks
	AllowOverride None

	AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid,mail,cn,o?sub?"
	<RequireAll>
		Require ldap-filter uid=*
		Require valid-user
	</RequireAll>
</Directory>

ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin">
	AllowOverride None
	Options ExecCGI FollowSymLinks
</Directory>

#Settings fo Diary
Alias /main/diary/css /var/www/cgi-bin/diary/css
Alias /main/diary/js /var/www/cgi-bin/diary/js
Alias /main/diary/diary.js /var/www/cgi-bin/diary/diary.js
Alias /main/diary/diary.css /var/www/cgi-bin/diary/diary.css
Alias /main/diary/favicon.css /var/www/cgi-bin/diary/favicon.css
Alias /main/diary/diary_next.png /var/www/cgi-bin/diary/diary_next.png
Alias /main/diary/diary_prev.png /var/www/cgi-bin/diary/diary_prev.png
Alias /public/logo-small.gif /var/www/cgi-bin/diary/logo-small.gif

<Location "/">
	Require ldap-filter uid=*
</Location>

<Location "/cgi-bin/diary">
	Require ldap-filter o=*
</Location>
Import the first public release Signed-off-by: OKTET Labs Ltd. <diary-maint@oktetlabs.ru> 2021-12-20 12:32:51 +00:00			`# SPDX-License-Identifier: Apache-2.0`
			`# Copyright (C) 2021 OKTET Labs Ltd. All rights reserved.`

			`# vim: syntax=apache ts=4 sw=4 sts=4 sr noet`

Update apache default config file Signed-off-by: Sergey Bogdanov <sergey.bogdanov@oktetlabs.ru> 2024-01-10 12:30:30 +00:00			`<Directory *>`
			`# Allows the request only if both requirements are met (auth AND access)`
			`Satisfy All`

			`# GSSAPI authentication module configuration`
			`AuthType GSSAPI`
			`AuthName "Private access"`
			`GssapiCredStore keytab:/etc/apache2/web.keytab`
			`# Connection MUST be established over TLS`
			`GssapiSSLonly Off`
			`# Kerberos5 is the only allowed mechanism`
			`GssapiAllowedMech krb5`
			`# Allow to use basic authentication with Kerberos5 mechanism`
			`GssapiBasicAuth On`
			`GssapiBasicAuthMech krb5`
			`# Enable negotiate once since it is intended for password-only auth`
			`GssapiNegotiateOnce On`
			`# Suppress negotiation for 'reviewboard' and 'safari'`
			`BrowserMatch reviewboard safari gssapi-no-negotiate`
			`# ???`
			`GssapiLocalName On`

			`Options FollowSymLinks`
			`AllowOverride None`

			`AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid,mail,cn,o?sub?"`
			`<RequireAll>`
			`Require ldap-filter uid=*`
			`Require valid-user`
			`</RequireAll>`
			`</Directory>`

Import the first public release Signed-off-by: OKTET Labs Ltd. <diary-maint@oktetlabs.ru> 2021-12-20 12:32:51 +00:00			`ScriptAlias /cgi-bin/ /var/www/cgi-bin/`
			`<Directory "/var/www/cgi-bin">`
			`AllowOverride None`
			`Options ExecCGI FollowSymLinks`
			`</Directory>`

			`#Settings fo Diary`
			`Alias /main/diary/css /var/www/cgi-bin/diary/css`
			`Alias /main/diary/js /var/www/cgi-bin/diary/js`
			`Alias /main/diary/diary.js /var/www/cgi-bin/diary/diary.js`
			`Alias /main/diary/diary.css /var/www/cgi-bin/diary/diary.css`
			`Alias /main/diary/favicon.css /var/www/cgi-bin/diary/favicon.css`
			`Alias /main/diary/diary_next.png /var/www/cgi-bin/diary/diary_next.png`
			`Alias /main/diary/diary_prev.png /var/www/cgi-bin/diary/diary_prev.png`
			`Alias /public/logo-small.gif /var/www/cgi-bin/diary/logo-small.gif`
Update apache default config file Signed-off-by: Sergey Bogdanov <sergey.bogdanov@oktetlabs.ru> 2024-01-10 12:30:30 +00:00
			`<Location "/">`
			`Require ldap-filter uid=*`
Import the first public release Signed-off-by: OKTET Labs Ltd. <diary-maint@oktetlabs.ru> 2021-12-20 12:32:51 +00:00			`</Location>`
Update apache default config file Signed-off-by: Sergey Bogdanov <sergey.bogdanov@oktetlabs.ru> 2024-01-10 12:30:30 +00:00
			`<Location "/cgi-bin/diary">`
			`Require ldap-filter o=*`
			`</Location>`