1 |
|
# $Id: mod_auth_tkt.spec 8700 2010-03-23 13:48:00Z shuff $ |
2 |
# Use "--define='apache 1'" to build a 'mod_auth_tkt1' package for apache1 |
# Authority: shuff |
3 |
%define httpd httpd |
# Upstream: <modauthtkt-users$lists,sourceforge,net> |
4 |
%define name mod_auth_tkt |
# ExcludeDist: el3 el4 |
5 |
%define apxs /usr/sbin/apxs |
|
6 |
%{?apache:%define httpd apache} |
Summary: Single-sign-on authentication module for Apache |
7 |
%{?apache:%define name mod_auth_tkt1} |
Name: mod_auth_tkt |
8 |
%{?apache:%define apxs /usr/sbin/apxs1} |
Version: 2.1.0 |
9 |
|
Release: 2%{?dist} |
10 |
%define perl_vendorlib %(eval "`perl -V:installvendorlib`"; echo $installvendorlib) |
License: GPL |
11 |
|
Group: System Environment/Daemons |
|
Summary: Lightweight ticket-based authentication module for Apache. |
|
|
Name: %{name} |
|
|
Version: 2.3.99b1 |
|
|
Release: 3%{?dist} |
|
|
License: Apache |
|
|
Group: Applications/System |
|
|
Source: http://www.openfusion.com.au/labs/dist/mod_auth_tkt-%{version}.tar.gz |
|
|
Patch0: mod_auth_tkt-2.3.99b1-betterredirection.patch |
|
12 |
URL: http://www.openfusion.com.au/labs/mod_auth_tkt/ |
URL: http://www.openfusion.com.au/labs/mod_auth_tkt/ |
13 |
Buildroot: %_tmppath/%{name}-%{version} |
|
14 |
Requires: %{httpd} |
Packager: Steve Huff <shuff@vecna.org> |
15 |
BuildRequires: %{httpd}-devel |
Vendor: Dag Apt Repository, http://dag.wieers.com/apt/ |
16 |
|
|
17 |
|
Source: http://www.openfusion.com.au/labs/dist/mod_auth_tkt/mod_auth_tkt-%{version}.tar.gz |
18 |
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
19 |
|
|
20 |
|
BuildRequires: httpd-devel |
21 |
|
Requires: httpd |
22 |
|
|
23 |
%description |
%description |
24 |
mod_auth_tkt provides lightweight, repository-agnostic, ticket-based |
mod_auth_tkt is a lightweight single-sign-on authentication module for apache, |
25 |
authentication for Apache. It implements a single-signon framework that |
supporting versions 2.0.x and 2.2.x. It uses secure cookie-based tickets to |
26 |
works across multiple apache instances and multiple machines. The actual |
implement a single-signon framework that works across multiple apache instances |
27 |
authentication requires a user-supplied CGI or script of some kind - see |
and servers. |
28 |
the mod_auth_tkt-cgi package for perl cgi versions. |
|
29 |
|
mod_auth_tkt itself is completely repository-agnostic, as the actual |
30 |
|
authentication is done by a user-supplied CGI or script in your language of |
31 |
|
choice (examples are provided in Perl, with contrib libraries for use with |
32 |
|
python and PHP). This allows authentication against virtually any kind of user |
33 |
|
repository you can imagine (password files, ldap directories, databases, etc.) |
34 |
|
|
35 |
|
mod_auth_tkt supports inactivity timeouts (including the ability to control how |
36 |
|
aggressively the ticket is refreshed), the ability to include arbitrary user |
37 |
|
data within the cookie, configurable cookie names and domains, and token-based |
38 |
|
access to subsections of a site. |
39 |
|
|
40 |
|
mod_auth_tkt works by checking incoming Apache requests for a (user-defined) |
41 |
|
cookie containing a valid authentication ticket. The ticket is checked by |
42 |
|
generating an MD5 checksum for the username and any (optional) user data from |
43 |
|
the ticket together with the requesting IP address and a shared secret |
44 |
|
available to the server. If the generated MD5 checksum matches the ticket's |
45 |
|
checksum, the ticket is valid and the request is authorised. Requests without a |
46 |
|
valid ticket are redirected to a configurable URL which is expected to validate |
47 |
|
the user and generate a ticket for them. This package includes a Perl module |
48 |
|
and working CGI scripts for generating the cookies, as well as contributed |
49 |
|
classes for PHP and Python environments. |
50 |
|
|
51 |
%package cgi |
%package cgi |
52 |
Release: 1%{?org_tag}%{?dist} |
Summary: CGI scripts for mod_auth_tkt |
|
Summary: CGI scripts for mod_auth_tkt apache authentication modules. |
|
53 |
Group: Applications/System |
Group: Applications/System |
54 |
Requires: %{name} = %{version} |
Requires: %{name} = %{version} |
55 |
|
Requires: perl(Apache::Htpasswd) |
56 |
|
|
57 |
%description cgi |
%description cgi |
58 |
Perl CGI scripts for use with mod_auth_tkt. |
Perl CGI scripts for use with mod_auth_tkt. |
59 |
|
|
|
|
|
60 |
%prep |
%prep |
61 |
%setup -n mod_auth_tkt-%{version} |
%setup -n %{name}-%{version} |
|
%patch0 -p1 |
|
62 |
|
|
63 |
%build |
%build |
64 |
test %{debug} == 1 && DEBUG='--debug' |
./configure --apxs="%{_sbindir}/apxs" --apachever="2.2" |
65 |
MOD_PERL=`rpm -q mod_perl | grep '^mod_perl' || /bin/true` |
%{__make} %{?_smp_mflags} |
|
if [ -n "$MOD_PERL" -a %{test} == 1 ]; then |
|
|
./configure --apxs=%{apxs} --test $DEBUG |
|
|
make |
|
|
make test |
|
|
else |
|
|
./configure --apxs=%{apxs} $DEBUG |
|
|
make |
|
|
fi |
|
66 |
|
|
67 |
%install |
%install |
68 |
test "$RPM_BUILD_ROOT" != "/" && rm -rf $RPM_BUILD_ROOT |
%{__rm} -rf %{buildroot} |
69 |
mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{httpd}/modules |
mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules |
70 |
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{httpd}/conf.d |
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d |
|
#mkdir -p $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}/cgi |
|
|
mkdir -p $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}/contrib |
|
71 |
mkdir -p $RPM_BUILD_ROOT/var/www/auth |
mkdir -p $RPM_BUILD_ROOT/var/www/auth |
72 |
#mkdir -p $RPM_BUILD_ROOT/%{perl_vendorlib}/Apache |
/usr/sbin/apxs -i -n "auth_tkt" -S LIBEXECDIR=$RPM_BUILD_ROOT%{_libdir}/httpd/modules src/mod_auth_tkt.la |
73 |
if [ %{httpd} == apache ]; then |
install -m 644 conf/02_auth_tkt.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ |
74 |
%{apxs} -i -n "auth_tkt" -S LIBEXECDIR=$RPM_BUILD_ROOT%{_libdir}/%{httpd}/modules src/mod_auth_tkt.so |
install -m 644 conf/auth_tkt_cgi.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ |
|
else |
|
|
%{apxs} -i -n "auth_tkt" -S LIBEXECDIR=$RPM_BUILD_ROOT%{_libdir}/%{httpd}/modules src/mod_auth_tkt.la |
|
|
fi |
|
|
install -m 644 conf/02_auth_tkt.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{httpd}/conf.d/ |
|
|
install -m 644 conf/auth_tkt_cgi.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{httpd}/conf.d/ |
|
|
#cp cgi/Apache/* $RPM_BUILD_ROOT/%{perl_vendorlib}/Apache |
|
|
#cp -pr cgi/* $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}/cgi |
|
|
#rm -rf $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}/cgi/Apache |
|
75 |
cp -pr cgi/* $RPM_BUILD_ROOT/var/www/auth |
cp -pr cgi/* $RPM_BUILD_ROOT/var/www/auth |
76 |
rm -rf $RPM_BUILD_ROOT/var/www/auth/Apache |
rm -rf $RPM_BUILD_ROOT/var/www/auth/Apache |
77 |
cp -pr contrib/* $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}/contrib |
pushd doc |
|
rm -rf $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}/contrib/t |
|
|
cp -pr README* INSTALL LICENSE CREDITS $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version} |
|
|
cd doc |
|
78 |
make DESTDIR=$RPM_BUILD_ROOT install |
make DESTDIR=$RPM_BUILD_ROOT install |
79 |
|
popd |
80 |
|
|
81 |
%clean |
%clean |
82 |
test "$RPM_BUILD_ROOT" != "/" && rm -rf $RPM_BUILD_ROOT |
%{__rm} -rf %{buildroot} |
83 |
|
|
84 |
%files |
%files |
85 |
%defattr(-,root,root) |
%defattr(-, root, root) |
86 |
%{_libdir}/%{httpd} |
%doc README* INSTALL LICENSE ChangeLog CREDITS contrib/ |
87 |
#%{perl_vendorlib}/Apache/AuthTkt.pm |
%doc %{_mandir}/man?/* |
88 |
%doc /usr/share/doc/%{name}-%{version} |
%config(noreplace) %{_sysconfdir}/httpd/conf.d/02_auth_tkt.conf |
89 |
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/%{httpd}/conf.d/02_auth_tkt.conf |
%{_libdir}/httpd/modules/* |
|
/usr/share/man/*/* |
|
90 |
|
|
91 |
%files cgi |
%files cgi |
92 |
%defattr(-,root,root) |
%defattr(-, root, root) |
93 |
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/%{httpd}/conf.d/auth_tkt_cgi.conf |
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/auth_tkt_cgi.conf |
94 |
%config(noreplace)/var/www/auth/AuthTktConfig.pm |
%config(noreplace)/var/www/auth/AuthTktConfig.pm |
95 |
%config(noreplace)/var/www/auth/tkt.css |
%config(noreplace)/var/www/auth/tkt.css |
96 |
/var/www/auth/*.cgi |
/var/www/auth/*.cgi |
97 |
|
|
98 |
%changelog |
%changelog |
99 |
* Mon Jun 13 2016 JP Pialasse <tests@pialasse.com> 2.3.99b1-3 |
* Tue Mar 23 2010 Steve Huff <shuff@vecna.org> - 2.1.0-2 - 8700/shuff |
100 |
- backport to SME9 |
- The CGI Apache config file goes in the cgi package. |
|
- fix redirection when proxy ssl [SME: 8825] |
|
|
- update apxs path for SME9 (sbin) |
|
|
|
|
|
* Tue Mar 15 2016 Daniel Berteaud <daniel@firewall-services.com> 2.3.99b1-2 |
|
|
- Tweaks in spec file so it can build in mock/plague [SME: 9310] |
|
|
|
|
|
* Fri Jul 31 2015 Gavin Carr <gavin@openfusion.com.au> 2.3.99b1-1 |
|
|
- Update to version 2.3.99b1, 2.4 release beta1. |
|
|
|
|
|
* Fri Jul 10 2009 Gavin Carr <gavin@openfusion.com.au> 2.1.0 |
|
|
- Bump version number to 2.1.0 for final 2.1 release. |
|
|
|
|
|
* Sat Mar 28 2009 Gavin Carr <gavin@openfusion.com.au> 2.0.99b2 |
|
|
- Bump version number to 2.0.99b2, second beta release of 2.1 branch. |
|
|
- Fix bug with partial-cookie-names incorrectly matching. |
|
|
|
|
|
* Thu Mar 05 2009 Gavin Carr <gavin@openfusion.com.au> 2.0.99b1 |
|
|
- Bump version number to 2.0.99b1, first beta release of 2.1 branch. |
|
|
- Add support for SHA256 digests. |
|
|
- Add TKTAuthSecretOld support. |
|
|
|
|
|
* Fri Feb 27 2009 Gavin Carr <gavin@openfusion.com.au> 2.0.0-1 |
|
|
- Bump to final version 2.0.0. |
|
|
|
|
|
* Fri Feb 27 2009 Gavin Carr <gavin@openfusion.com.au> 2.0.0-1 |
|
|
- Bump to final version 2.0.0. |
|
|
|
|
|
* Tue Mar 04 2008 Gavin Carr <gavin@openfusion.com.au> 2.0.0rc4-1 |
|
|
- Bump to version 2.0.0rc4. |
|
|
|
|
|
* Tue Mar 04 2008 Gavin Carr <gavin@openfusion.com.au> 2.0.0rc3-1 |
|
|
- Set explicit servername in t/TESTS to fix general test failures. |
|
|
- Add explicit Apache 2.2 support. |
|
|
- Add separate mod_auth_tkt-cgi package containing /var/www/auth CGI scripts. |
|
|
- Factor out cgi config settings into AuthTktConfig.pm. |
|
|
- Bump to version 2.0.0rc3. |
|
|
|
|
|
* Wed Nov 28 2006 Gavin Carr <gavin@openfusion.com.au> 2.0.0rc2 |
|
|
- Bump to version 2.0.0rc2. |
|
|
|
|
|
* Wed Nov 01 2006 Charlie Brady <charlie_brady@mitel.com> 2.0.0rc1-2 |
|
|
- Move Apache::AuthTkt into perl's vendorarch directory. |
|
|
|
|
|
* Mon Apr 10 2006 Gavin Carr <gavin@openfusion.com.au> 2.0.0rc1 |
|
|
- Add mod_auth_tkt man page. |
|
|
- Add TKTAuthDebug support, instead of compile-time debug flag. |
|
|
- Add TKTAuthPostTimeoutURL support (Michael Peters). |
|
|
|
|
|
* Mon Oct 24 2005 Gavin Carr <gavin@openfusion.com.au> 2.0.0b7 |
|
|
- Deprecate TKTAuthTimeoutMin, replacing with TKTAuthTimeout, using units like |
|
|
TKTAuthCookieExpires. |
|
|
- Split out TKTAuthCookieSecure functionality from TKTAuthRequireSSL (Larry |
|
|
Lansing). |
|
|
- Add TKTAuthCookieExpires directive for guest cookies and refreshes. |
|
|
- Add TKTAuthGuestUser %U format support for UUIDs with Apache 2. |
|
|
- Add TKTAuthGuestUser support for setting guest user explicitly. |
|
|
- Fix URI and HTML escaping issues with cgi scripts (Viljo Viitanen). |
|
|
- Update CGI scripts to get local settings via Apache::AuthTkt parse_conf values. |
|
|
- Update Apache::AuthTkt to new version (0.03) with parse_conf support. |
|
|
- Add server config merge support to allow global secrets with vhosts. |
|
|
|
|
|
* Mon Aug 01 2005 Gavin Carr <gavin@openfusion.com.au> 2.0.0b6 |
|
|
- Update specfile to support basic building against apache 1. |
|
|
- Fixed bug with non-base64 quoted ticket values not being parsed correctly. |
|
|
|
|
|
* Tue Jun 14 2005 Gavin Carr <gavin@openfusion.com.au> 2.0.0b5 |
|
|
- Change back url formation to use Host header, not server name/port. |
|
|
- Get cookie_match to skip empty cookies it finds (e.g. logout misconfigs). |
|
|
- Add Ian Bicking's AuthTicket python class in contrib. |
|
|
- Add TKTAuthGuestLogin support based on patch from Ian Bicking. |
|
|
- Add DEBUG_VERBOSE support based on patch from Ian Bicking. |
|
|
- Fixed bug with test harness not generating local module correctly. |
|
|
|
|
|
* Mon May 30 2005 Gavin Carr <gavin@openfusion.com.au> 2.0.0b4 |
|
|
- Change build to include 'make test' only if mod_perl is available. |
|
|
|
|
|
* Sat Apr 30 2005 Gavin Carr <gavin@openfusion.com.au> 2.0.0b3 |
|
|
|
|
|
* Thu Feb 21 2005 Gavin Carr <gavin@openfusion.com.au> 2.0.0b2 |
|
|
- Initial release. |
|
|
|
|
101 |
|
|
102 |
|
* Wed Feb 10 2010 Steve Huff <shuff@vecna.org> - 2.1.0-1 |
103 |
|
- Initial package. |