[debian-edu-commits] [Git][debian-edu/debian-edu-config][mr/fix-apache2-config] 2 commits: share/debian-edu-config/tools/copy-host-keytab: Support SSH publickey login to...
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Fri May 22 23:28:46 BST 2026
Mike Gabriel pushed to branch mr/fix-apache2-config at Debian Edu / debian-edu-config
Commits:
c53528cf by Mike Gabriel at 2026-05-07T22:28:30+02:00
share/debian-edu-config/tools/copy-host-keytab: Support SSH publickey login to tjener, if this is possible (e.g. if admin is using SSH agent forwarding).
- - - - -
b892e2fa by Daniel Teichmann at 2026-05-22T22:28:45+00:00
apache2 debian-edu-default.conf: Do not force HTTPS on *.crt (including Debian-Edu_rootCA.crt).
Closes: #1068388
- - - - -
2 changed files:
- etc/apache2/sites-available/debian-edu-default.conf
- share/debian-edu-config/tools/copy-host-keytab
Changes:
=====================================
etc/apache2/sites-available/debian-edu-default.conf
=====================================
@@ -7,7 +7,9 @@
<Directory /etc/debian-edu/www/ >
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
+ # HTTP only: wpad.dat + Debian-Edu_rootCA.crt
RewriteCond %{REQUEST_URI} !\.dat$
+ RewriteCond %{REQUEST_URI} !\.crt$
RewriteRule ^(.*)$ https://%{SERVER_ADDRESS}/$1 [R=301,L]
Options Indexes FollowSymLinks MultiViews
AllowOverride None
=====================================
share/debian-edu-config/tools/copy-host-keytab
=====================================
@@ -1,6 +1,21 @@
#!/bin/sh
set -e
-kinit
+
+if [ $(id -u) -gt 0 ]; then
+ echo "ERROR: This script has to run as super-user root."
+ exit 1
+fi
+
+# Attempt passwordless SSH login root at tjener (could be publickey, gssapi-keyex, or gssapi-with-mic)
+set +e
+ssh -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no tjener "echo -n" 2>/dev/null
+ret=$?
+set -e
+if [ "${ret}" != "0" ]; then
+ # Try to get a Kerberos ticket for root instead to use GSSAPI login.
+ kinit root
+fi
+
scp tjener:/var/lib/debian-edu/host-keytabs/$(hostname -s).intern.keytab /etc/krb5.keytab
# Special case separate LTSP server.
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/2a7c191cd407db60e0ce8bff977fdadd6f15a6a1...b892e2fa02609b78d959c76db47a73bc1c8f559f
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/2a7c191cd407db60e0ce8bff977fdadd6f15a6a1...b892e2fa02609b78d959c76db47a73bc1c8f559f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20260522/cd622998/attachment-0001.htm>
More information about the debian-edu-commits
mailing list