Category Archives: web apps

Setting up apache httpd and subversion on a redhat host to integrate with Windows AD Domain authentication


The following setup worked for me:

1. Using Kerberos for the auth module: mod_auth_kerb.so.

I tried to use mod_ntlm but it proved too hard to get it to work on Apache 2.2 on redhat.

I have the following in /etc/krb5.conf:

[libdefaults]
clockskew = 300
default_realm = AAA.BBB.XXX.COM

[realms]
AAA.BBB.XXX.COM = {
kdc = pdc01.aaa.bbb.xxx.com
default_domain = AAA.BBB.XXX.COM
kpasswd_server = pdc01.aaa.bbb.xxx.com
}

[domain_realm]
server01.www.yyy.xxx.com = AAA.BBB.XXX.COM
.yyy.xxx.com = AAA.BBB.XXX.COM
.xxx.com = AAA.BBB.XXX.COM
xxx.com = AAA.BBB.XXX.COM


With that I am able to run kinit and get a Kerberos ticket from the redhat host.

And my /etc/httpd/conf/httpd.conf has:


DAV svn
SVNPath "/path/to/svn_repo"

AuthType Kerberos
AuthName Kerberos
KrbMethodNegotiate Off
KrbMethodK5Passwd On
KrbServiceName Any
KrbAuthRealms AAA.BBB.XXX.COM
KrbSaveCredentials on
KrbLocalUserMapping on
# The last bit I had to fix to get this working:
KrbVerifyKDC Off

AuthzSVNAccessFile /path/to/svn_access_file
require valid-user

Using this setup I can get users to authenticate against the corporate active directory domain controller to access Subversion.

My apache httpd version: 2.2.15
My subversion svn version: 1.6.11
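
An added example (not part of the original post): a small Python check over the mod_auth_kerb directives shown above, flagging KrbVerifyKDC Off (the KDC's reply is not verified against the local keytab, which the module otherwise does to prevent KDC spoofing), password-based auth without an enforced TLS requirement, and saved credentials. The names parse_directives and audit_krb, the sample strings and the keytab path are constructed for illustration.

```python
# Constructed sample: the Kerberos directives from the post above.
POSTED = """\
AuthType Kerberos
KrbMethodK5Passwd On
KrbAuthRealms AAA.BBB.XXX.COM
KrbSaveCredentials on
KrbVerifyKDC Off
require valid-user
"""

# Constructed hardened variant; the keytab path is a placeholder.
HARDENED = """\
SSLRequireSSL
AuthType Kerberos
KrbMethodK5Passwd On
KrbAuthRealms AAA.BBB.XXX.COM
Krb5KeyTab /path/to/http.keytab
KrbVerifyKDC On
require valid-user
"""

def parse_directives(text):
    """Map lowercased directive name -> lowercased argument string."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":  # skip comments and section tags
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].lower() if len(parts) > 1 else ""
    return found

def audit_krb(text):
    """Return names of risky mod_auth_kerb settings found in the block."""
    d = parse_directives(text)
    if d.get("authtype") != "kerberos":
        return []
    findings = []
    # Module defaults: KrbVerifyKDC on, KrbMethodK5Passwd on, KrbSaveCredentials off.
    if d.get("krbverifykdc", "on") == "off":
        findings.append("KrbVerifyKDC")        # KDC reply not checked against keytab
    if d.get("krbmethodk5passwd", "on") == "on" and "sslrequiressl" not in d:
        findings.append("KrbMethodK5Passwd")   # password sent as Basic auth, TLS not enforced
    if d.get("krbsavecredentials", "off") == "on":
        findings.append("KrbSaveCredentials")  # user tickets cached on the web host
    return findings

if __name__ == "__main__":
    print(audit_krb(POSTED), audit_krb(HARDENED))
```

The check sees only the text it is given, so a TLS requirement enforced elsewhere in the server configuration is not detected by it.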


Implementing OAuth2 Learnings


I’ve just recently implemented OAuth2 using Flask and Authomatic to log in users via Facebook and Google, and learned a few things in the process:

  • the server IP whitelist in Facebook Developer settings does not have to be set. If it is set, FB will only allow incoming connections from these server addresses. Before I fixed this, I kept getting the result in login2() handler:

    Something went wrong: Failed to obtain OAuth 2.0 access token from https://graph.facebook.com/oauth/access_token! HTTP status: 400, message: {"error":{"message":"This IP can't make requests for that application.","type":"OAuthException","code":5}}.

    I was scratching my head, because no matter how I updated the IP address whitelist on the FB dev console, I could not get the app to successfully authenticate.

  • the app will need to go through FB status review so that the app can be available publicly, else only the developer account can connect via OAuth2
  • For Google, the API for Google+ has to be enabled. Before doing this, I kept getting None user results.
  • For both FB and Google, the callback URL has to be properly set

I got some help from Peter Hudec and Migs Paraz while troubleshooting the problems.