From d1f768c81a0d18111c83685dadffd24b242206dc Mon Sep 17 00:00:00 2001 From: Sergey Bogdanov Date: Wed, 10 Jan 2024 15:30:30 +0300 Subject: [PATCH] Update apache default config file Signed-off-by: Sergey Bogdanov --- apache_diary.conf | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/apache_diary.conf b/apache_diary.conf index a438da7..c049fa3 100644 --- a/apache_diary.conf +++ b/apache_diary.conf @@ -3,6 +3,38 @@ # vim: syntax=apache ts=4 sw=4 sts=4 sr noet + + # Allows the request only if both requirements are met (auth AND access) + Satisfy All + + # GSSAPI authentication module configuration + AuthType GSSAPI + AuthName "Private access" + GssapiCredStore keytab:/etc/apache2/web.keytab + # Connection MUST be established over TLS + GssapiSSLonly Off + # Kerberos5 is the only allowed mechanism + GssapiAllowedMech krb5 + # Allow to use basic authentication with Kerberos5 mechanism + GssapiBasicAuth On + GssapiBasicAuthMech krb5 + # Enable negotiate once since it is intended for password-only auth + GssapiNegotiateOnce On + # Suppress negotiation for 'reviewboard' and 'safari' + BrowserMatch reviewboard safari gssapi-no-negotiate + # ??? + GssapiLocalName On + + Options FollowSymLinks + AllowOverride None + + AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid,mail,cn,o?sub?" + + Require ldap-filter uid=* + Require valid-user + + + ScriptAlias /cgi-bin/ /var/www/cgi-bin/ AllowOverride None @@ -18,6 +50,11 @@ Alias /main/diary/favicon.css /var/www/cgi-bin/diary/favicon.css Alias /main/diary/diary_next.png /var/www/cgi-bin/diary/diary_next.png Alias /main/diary/diary_prev.png /var/www/cgi-bin/diary/diary_prev.png Alias /public/logo-small.gif /var/www/cgi-bin/diary/logo-small.gif - - Require ldap-filter o=People + + + Require ldap-filter uid=* + + + Require ldap-filter o=* + \ No newline at end of file
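Review bot: `GssapiSSLonly Off` contradicts the comment above it ("Connection MUST be established over TLS"), and because `GssapiBasicAuth On` lets a client send its password in a Basic header, a request over plain HTTP would carry that password in cleartext; `GssapiSSLonly On` makes the module fail authentication on non-TLS connections. The `BrowserMatch reviewboard safari gssapi-no-negotiate` line does not match its comment: BrowserMatch takes one case-sensitive regex followed by variables to set, so only `reviewboard` is matched and `safari` becomes an environment variable; `BrowserMatchNoCase "reviewboard|safari" gssapi-no-negotiate` expresses the stated intent. `AuthLDAPURL` uses `ldap://`, so the authorization lookups travel unencrypted unless TLS is configured elsewhere; `ldaps://` or a trailing `STARTTLS` argument would protect them. The container lines around `Require ldap-filter uid=*` and `Require valid-user` are not visible on this page; if they are not wrapped in `<RequireAll>`, Apache 2.4 treats them as alternatives and `Require valid-user` alone admits any authenticated principal, while `Satisfy All` does not combine them. The `# ???` above `GssapiLocalName On` could read `# Map the Kerberos principal to a local user name via gss_localname()`, presumably needed so the name matches the LDAP `uid`.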
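Review bot: The replacement filters `uid=*` and `o=*` in the second hunk are presence tests, so they accept any directory entry that merely has the attribute, which is wider than the removed `Require ldap-filter o=People`. The container lines that say which paths each rule covers are not visible on this page, so the scope of the widening cannot be confirmed here. If the restriction to one organisation was intentional, keep the value, e.g. `Require ldap-filter o=People`; otherwise add a comment such as `# any directory user may access this path` to record that the change is deliberate. The file also now ends without a trailing newline.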