mod_auth_tkt/sme9/mod_auth_tkt.spec

# $Id: mod_auth_tkt.spec,v 1.3 2016/06/13 08:50:13 unnilennium Exp $
# Authority: shuff
# Upstream: <modauthtkt-users$lists,sourceforge,net>
# ExcludeDist: el3 el4

Summary: Single-sign-on authentication module for Apache
Name: mod_auth_tkt
Version: 2.1.0
Release: 3%{?dist}
License: GPL
Group: System Environment/Daemons
URL: http://www.openfusion.com.au/labs/mod_auth_tkt/

Packager: Steve Huff <shuff@vecna.org>
Vendor: Dag Apt Repository, http://dag.wieers.com/apt/

Source: http://www.openfusion.com.au/labs/dist/mod_auth_tkt/mod_auth_tkt-%{version}.tar.gz
Patch0: mod_auth_tkt-2.1.0-betterredirection.patch 
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

BuildRequires: httpd-devel
Requires: httpd

%description
mod_auth_tkt is a lightweight single-sign-on authentication module for apache,
supporting versions 2.0.x and 2.2.x. It uses secure cookie-based tickets to
implement a single-signon framework that works across multiple apache instances
and servers.

mod_auth_tkt itself is completely repository-agnostic, as the actual
authentication is done by a user-supplied CGI or script in your language of
choice (examples are provided in Perl, with contrib libraries for use with
python and PHP). This allows authentication against virtually any kind of user
repository you can imagine (password files, ldap directories, databases, etc.)

mod_auth_tkt supports inactivity timeouts (including the ability to control how
aggressively the ticket is refreshed), the ability to include arbitrary user
data within the cookie, configurable cookie names and domains, and token-based
access to subsections of a site.

mod_auth_tkt works by checking incoming Apache requests for a (user-defined)
cookie containing a valid authentication ticket. The ticket is checked by
generating an MD5 checksum for the username and any (optional) user data from
the ticket together with the requesting IP address and a shared secret
available to the server. If the generated MD5 checksum matches the ticket's
checksum, the ticket is valid and the request is authorised. Requests without a
valid ticket are redirected to a configurable URL which is expected to validate
the user and generate a ticket for them. This package includes a Perl module
and working CGI scripts for generating the cookies, as well as contributed
classes for PHP and Python environments.

%package cgi
Summary: CGI scripts for mod_auth_tkt
Group: Applications/System
Requires: %{name} = %{version}
Requires: perl(Apache::Htpasswd)

%description cgi
Perl CGI scripts for use with mod_auth_tkt.

%prep
%setup -n %{name}-%{version}
%patch0 -p1

%build
./configure --apxs="%{_sbindir}/apxs" --apachever="2.2"
%{__make} %{?_smp_mflags}

%install
%{__rm} -rf %{buildroot}
mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
mkdir -p $RPM_BUILD_ROOT/var/www/auth
/usr/sbin/apxs -i -n "auth_tkt" -S LIBEXECDIR=$RPM_BUILD_ROOT%{_libdir}/httpd/modules src/mod_auth_tkt.la
install -m 644 conf/02_auth_tkt.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
install -m 644 conf/auth_tkt_cgi.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
cp -pr cgi/* $RPM_BUILD_ROOT/var/www/auth
rm -rf $RPM_BUILD_ROOT/var/www/auth/Apache
pushd doc
make DESTDIR=$RPM_BUILD_ROOT install
popd

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-, root, root)
%doc README* INSTALL LICENSE ChangeLog CREDITS contrib/
%doc %{_mandir}/man?/*
%config(noreplace) %{_sysconfdir}/httpd/conf.d/02_auth_tkt.conf
%{_libdir}/httpd/modules/*

%files cgi
%defattr(-, root, root)
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/auth_tkt_cgi.conf
%config(noreplace)/var/www/auth/AuthTktConfig.pm
%config(noreplace)/var/www/auth/tkt.css
/var/www/auth/*.cgi

%changelog
* Mon Jun 13 2016 JP Pialasse <tests@pialasse.com> 2.1.0-3
- backport to SME9
- fix redirection when proxy ssl  [SME: 8825]
- update apxs path for SME9 (sbin)

* Tue Mar 23 2010 Steve Huff <shuff@vecna.org> - 2.1.0-2 - 8700/shuff
- The CGI Apache config file goes in the cgi package.

* Wed Feb 10 2010 Steve Huff <shuff@vecna.org> - 2.1.0-1
- Initial package.
1	# $Id: mod_auth_tkt.spec,v 1.3 2016/06/13 08:50:13 unnilennium Exp $
2	# Authority: shuff
3	# Upstream: <modauthtkt-users$lists,sourceforge,net>
4	# ExcludeDist: el3 el4
5
6	Summary: Single-sign-on authentication module for Apache
7	Name: mod_auth_tkt
8	Version: 2.1.0
9	Release: 3%{?dist}
10	License: GPL
11	Group: System Environment/Daemons
12	URL: http://www.openfusion.com.au/labs/mod_auth_tkt/
13
14	Packager: Steve Huff <shuff@vecna.org>
15	Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
16
17	Source: http://www.openfusion.com.au/labs/dist/mod_auth_tkt/mod_auth_tkt-%{version}.tar.gz
18	Patch0: mod_auth_tkt-2.1.0-betterredirection.patch
19	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
20
21	BuildRequires: httpd-devel
22	Requires: httpd
23
24	%description
25	mod_auth_tkt is a lightweight single-sign-on authentication module for apache,
26	supporting versions 2.0.x and 2.2.x. It uses secure cookie-based tickets to
27	implement a single-signon framework that works across multiple apache instances
28	and servers.
29
30	mod_auth_tkt itself is completely repository-agnostic, as the actual
31	authentication is done by a user-supplied CGI or script in your language of
32	choice (examples are provided in Perl, with contrib libraries for use with
33	python and PHP). This allows authentication against virtually any kind of user
34	repository you can imagine (password files, ldap directories, databases, etc.)
35
36	mod_auth_tkt supports inactivity timeouts (including the ability to control how
37	aggressively the ticket is refreshed), the ability to include arbitrary user
38	data within the cookie, configurable cookie names and domains, and token-based
39	access to subsections of a site.
40
41	mod_auth_tkt works by checking incoming Apache requests for a (user-defined)
42	cookie containing a valid authentication ticket. The ticket is checked by
43	generating an MD5 checksum for the username and any (optional) user data from
44	the ticket together with the requesting IP address and a shared secret
45	available to the server. If the generated MD5 checksum matches the ticket's
46	checksum, the ticket is valid and the request is authorised. Requests without a
47	valid ticket are redirected to a configurable URL which is expected to validate
48	the user and generate a ticket for them. This package includes a Perl module
49	and working CGI scripts for generating the cookies, as well as contributed
50	classes for PHP and Python environments.
51
52	%package cgi
53	Summary: CGI scripts for mod_auth_tkt
54	Group: Applications/System
55	Requires: %{name} = %{version}
56	Requires: perl(Apache::Htpasswd)
57
58	%description cgi
59	Perl CGI scripts for use with mod_auth_tkt.
60
61	%prep
62	%setup -n %{name}-%{version}
63	%patch0 -p1
64
65	%build
66	./configure --apxs="%{_sbindir}/apxs" --apachever="2.2"
67	%{__make} %{?_smp_mflags}
68
69	%install
70	%{__rm} -rf %{buildroot}
71	mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules
72	mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
73	mkdir -p $RPM_BUILD_ROOT/var/www/auth
74	/usr/sbin/apxs -i -n "auth_tkt" -S LIBEXECDIR=$RPM_BUILD_ROOT%{_libdir}/httpd/modules src/mod_auth_tkt.la
75	install -m 644 conf/02_auth_tkt.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
76	install -m 644 conf/auth_tkt_cgi.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
77	cp -pr cgi/* $RPM_BUILD_ROOT/var/www/auth
78	rm -rf $RPM_BUILD_ROOT/var/www/auth/Apache
79	pushd doc
80	make DESTDIR=$RPM_BUILD_ROOT install
81	popd
82
83	%clean
84	%{__rm} -rf %{buildroot}
85
86	%files
87	%defattr(-, root, root)
88	%doc README* INSTALL LICENSE ChangeLog CREDITS contrib/
89	%doc %{_mandir}/man?/*
90	%config(noreplace) %{_sysconfdir}/httpd/conf.d/02_auth_tkt.conf
91	%{_libdir}/httpd/modules/*
92
93	%files cgi
94	%defattr(-, root, root)
95	%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/auth_tkt_cgi.conf
96	%config(noreplace)/var/www/auth/AuthTktConfig.pm
97	%config(noreplace)/var/www/auth/tkt.css
98	/var/www/auth/*.cgi
99
100	%changelog
101	* Mon Jun 13 2016 JP Pialasse <tests@pialasse.com> 2.1.0-3
102	- backport to SME9
103	- fix redirection when proxy ssl [SME: 8825]
104	- update apxs path for SME9 (sbin)
105
106	* Tue Mar 23 2010 Steve Huff <shuff@vecna.org> - 2.1.0-2 - 8700/shuff
107	- The CGI Apache config file goes in the cgi package.
108
109	* Wed Feb 10 2010 Steve Huff <shuff@vecna.org> - 2.1.0-1
110	- Initial package.