Hello, Anyone got git-http-backend working with freeipa group auhentication and would like to share their apache .conf file?
I've tried this on the IPA server with a dummy git repository setup in /opt/gitrepos/test1.git gitserver.my.lan is a CNAME for ipaserver.my.lan First, "git clone http://gitserver.my.lan/test1.git"; prompts (even though I have a ticket) for user+pwd but still fails. Any suggestions are welcome! -- john <VirtualHost gitserver.my.lan:80> DocumentRoot /opt/gitrepos # semanage fcontext -a -t git_rw_content_t '/opt/gitrepos(/.*)?' # restorecon -R -v /opt/gitrepos SetEnv GIT_PROJECT_ROOT /opt/gitrepos SetEnv GIT_HTTP_EXPORT_ALL SetEnv REMOTE_USER $REDIRECT_REMOTE_USER ScriptAlias / /usr/libexec/git-core/git-http-backend/ ServerName gitserver.my.lan <Directory "/usr/libexec/git-core"> Options Indexes AllowOverride None Require all granted </Directory> <Directory "/opt/gitrepos"> Options Indexes AllowOverride None Require all granted </Directory> <LocationMatch "/"> AuthType Kerberos AuthName "Kerberos Login" KrbAuthRealm MY.LAN Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbMethodNegotiate on KrbMethodK5Passwd off KrbSaveCredentials on KrbVerifyKDC on KrbServiceName HTTP AuthLDAPUrl ldap://ipaserver.my.lan:389/dc=my,dc=lan?krbPrincipalName Require ldap-group cn=ipausers,dc=my,dc=lan # Allow anyone authenticated users that are ina ipausers group to clone </LocationMatch> </VirtualHost> ~ ~ ~
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
