$ cat .gitconfig
[core]
pager = less -r
editor = vim
[format]
pretty = format:'%C(bold blue)%h%Creset%C(bold yellow)%d%Creset: %C(bold red)%s%Creset - %C(bold magenta)%cn%Creset(%C(bold green)%cd%Creset)'
[alias]
lg = log --graph --date=relative --all
[user]
name = user
email = user@mail.it
martedì 21 luglio 2015
my .gitconfig
apache ssl kerberos5 rhel 6.2
1STOFALL a quick nice guide on what is kerberos http://www.zeroshell.net/kerberos/
INSTALL mod_auth_kerb krb5-workstation pam_krb5 mod_ssl
GENERATE key pair
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
sudo cp ca.crt /etc/pki/tls/certs/
sudo cp ca.key /etc/pki/tls/private/
sudo cp ca.csr /etc/pki/tls/private/
sudo restorecon -RvF /etc/pki
sudo vim /etc/httpd/conf.d/ssl.conf
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo /sbin/service iptables save
sudo iptables -L -v
FIX SHA-2 (256)
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ca2.key -out ca2.crt
CONFIG apache with conf.d/web.conf
<Location "/">CONFIG krb5.conf
AuthType Kerberos
AuthName "foo bar baz"
KrbMethodNegotiate off
KrbVerifyKDC off
KrbAuthRealm foo.com
Krb5Keytab /etc/krb5.keytab
KrbSaveCredentials on
Require valid-user
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</Location>
[libdefaults]MAKE your own keytab
ticket_lifetime = 24000
default_realm = RETE.POSTE
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
RETE.POSTE = {
kdc = 10.208.77.84
kdc = 10.205.73.84
admin_server = 10.208.77.84
default_domain = rete.poste
}
[domain_realm]
.rete.poste = RETE.POSTE
rete.poste = RETE.POSTE
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
HTTP/10.1.2.3@foo.comRESTART apache.
ENJOY.
Iscriviti a:
Post (Atom)