Changes between Version 3 and Version 4 of RubyCASServer


Timestamp:
Oct 28, 2011 9:14:28 AM (11 years ago)
Author:
brose
Comment:

--

  • RubyCASServer

    v3 v4  
    11RUBYCAS SERVER USING MOD_PASSENGER, LOCAL MYSQL DATABASE, AND LDAP AUTH ON PUIAS[[BR]]
    22[[BR]]
     3{{{
    34[root@localhost ~]# yum install puias-{addons,unsupported}[[BR]]
    4 [root@localhost ~]# yum install rubygem-rubycas-server ruby-mysql mod_ssl mod_passenger mysql-server rubygem-net-ldap[[BR]]
     5[root@localhost ~]# yum install ruby{-mysql,gem-rubycas-server,gem-net-ldap} mod_{ssl,passenger} mysql-server
     6}}}
    57[[BR]]
    68Open /etc/sysconfig/iptables and allow port 443 (https) traffic:[[BR]]
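Review bot: v4 line 4 keeps its trailing `[[BR]]` even though it now sits inside the `{{{ }}}` block opened at v4 line 3, so the macro is no longer expanded and will appear literally at the end of the yum command, where it gets copied into the shell. Drop the `[[BR]]` from that line, as was done for the rewritten install command on v4 line 5.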
     
    1012[[BR]]
    1113Configure httpd:[[BR]]
    12 [root@localhost ~]# chkconfig httpd on[[BR]]
    13 [root@localhost ~]# rm -f /etc/httpd/conf.d/welcome.conf[[BR]]
     14{{{
     15[root@localhost ~]# chkconfig httpd on
     16[root@localhost ~]# rm -f /etc/httpd/conf.d/welcome.conf
     17}}}
    1418Configure /etc/httpd/conf.d/ssl.conf to look something like this:[[BR]]
    1519{{{
     
    6165[[BR]]
    6266Create a test cert and key for httpd - BE SURE TO REPLACE THESE IN PRODUCTION:[[BR]]
    63 [root@localhost ~]# cd /etc/pki/tls/certs[[BR]]
    64 [root@localhost ~]# make httpd.pem[[BR]]
    65 [Fill out the questionaire][[BR]]
    66 [[BR]]
    67 Configure MySQL:[[BR]]
    68 [root@localhost ~]# chkconfig mysqld on[[BR]]
    69 [root@localhost ~]# service mysqld start[[BR]]
    70 [root@localhost ~]# /usr/bin/mysql_secure_installation[[BR]]
    71 Fill out the questions, be sure to set a new root password and remove all test accounts/dbs.[[BR]]
    72 [root@localhost ~]# mysql -u root -p[[BR]]
    73 mysql> create database casserver;[[BR]]
    74 mysql> use casserver;[[BR]]
    75 mysql> source /etc/rubycas-server/create_rubycas_mysql_db.sql[[BR]]
     67{{{
     68[root@localhost ~]# cd /etc/pki/tls/certs
     69[root@localhost ~]# make httpd.pem
     70Now fill out the questionaire...
     71}}}
     72[[BR]]
     73Configure MySQL (example assumes local mysql):[[BR]]
     74{{{
     75[root@localhost ~]# chkconfig mysqld on
     76[root@localhost ~]# service mysqld start
     77[root@localhost ~]# /usr/bin/mysql_secure_installation
     78}}}
     79Fill out the questions, be sure to set a new root password and remove all test accounts/dbs. It would also be very wise to create a rubycas user with limited permissions, doing so is beyond the scope of this document.[[BR]]
     80{{{
     81[root@localhost ~]# mysql -u root -p
     82mysql> create database casserver;
     83mysql> use casserver;
     84mysql> source /etc/rubycas-server/create_rubycas_mysql_db.sql
     85}}}
    7686[[BR]]
    7787Create and configure the file /etc/rubycas-server/config.yml[[BR]]
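Review bot: v4 line 79 recommends a limited-privilege rubycas database user and then declares it out of scope, while the session at v4 lines 81 to 84 does everything as MySQL root. Since the database is created right there, add the user creation and a grant restricted to the `casserver` database after `create database casserver;`, so the account configured in /etc/rubycas-server/config.yml need not be root. Separately, v4 line 70 ("Now fill out the questionaire...") is an instruction rather than a command and now sits inside the `{{{ }}}` block; move it below the block and correct the spelling to "questionnaire".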
     
    8595  password: CHANGEME
    8696  host: localhost
    87  
     97  reconnect: true
    8898authenticator:
    8999  class: CASServer::Authenticators::LDAP
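Review bot: `reconnect: true` is added at v4 line 97 with no accompanying text, so a reader cannot tell what problem it addresses or whether it is required for this setup. Add a sentence next to the config.yml listing that says why the option was introduced.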
     
    104114[[BR]]
    105115At this point, you can test your implementation:[[BR]]
    106 [root@localhost ~]# setenforce 0[[BR]]
    107 [root@localhost ~]# service httpd start[[BR]]
    108 [[BR]]
    109 Note that I disabled SELinux. This should be used only for testing purposes, to generate policy files.[[BR]]
    110 Here is an example SELinux policy file that worked for me (but needs a serious cleanup):[[BR]]
     116{{{
     117[root@localhost ~]# setenforce 0
     118[root@localhost ~]# service httpd start
     119}}}
     120[[BR]]
     121Note that I disabled SELinux. This should be used only for testing purposes, to generate policy files. Here is an example SELinux policy file that worked for me (but needs a serious cleanup):[[BR]]
    111122{{{
    112123module rubycasserver 1.0;
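Review bot: the test step at v4 lines 117 and 118 runs `setenforce 0`, and the note at v4 line 121 says this is for testing only, but nothing in the visible steps switches SELinux back to enforcing. Add a `setenforce 1` step once the policy module is installed, and state that permissive mode is used here so that denials are logged for policy generation rather than blocked. The note also says the example policy "needs a serious cleanup"; mark the module as a starting point to be regenerated from the reader's own audit log, or say which rules are known to be broader than needed.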