Use GSSAPI authentication for the WebPanel service.

1 files changed, 11 insertions, 8 deletions

diff --git a/config.in b/config.in
index c2011d1..da19ad1 100644
--- a/config.in
+++ b/config.in
@@ -1,9 +1,7 @@
 # This is the custom configuration for the Fripost Administration Panel,
 # which takes precedence over the default configuration in 'default.in'.
 
-
-# TODO: The secure flag should be left on on HTTPS connections.
-secure_cookie = 0
+secure_cookie = 1
 
 # Where the error reports should be sent to.
 report_email = admin@fripost.org
@@ -14,9 +12,14 @@ default_realm = fripost.org
 # The LDAP suffix that will be appended to bind and search DN:s.
 ldap_suffix = ou=virtual,o=mailHosting,dc=fripost,dc=dev
 
-# TODO: This should be replaced with a Keberos ticket.
-ldap_authcID = AdminWebPanel@fripost.org
-ldap_authcPW = panel
+# The authentication ID for SASL binds. This has to be a kerberos
+# principal, and a ticket has to be cached for the user running the
+# program.
+krb5_principal = AdminWebPanel/fripost.org@FRIPOST.ORG
+
+# The hostname associated with the 'ldap/...' principal. (Probably the
+# fqdn of the machine running slapd).
+krb5_host = gnu.friprogramvarusyndikatet.se
 
 # The minimum password length.
 password_min_length = 12
@@ -26,5 +29,5 @@ gpg_private_key_id = ECFA6E43
 gpg_private_key_passphrase = xxxxxxxxxxxx
 
 # URL prefixes of the admin web interface for the list managers.
-listurl_mailman = http://smtp.fripost.org/cgi-bin/mailman/admin/
-listurl_schleuder = http://smtp.fripost.org/
+listurl_mailman = https://lists.fripost.org/mailman/admin/
+listurl_schleuder = https://lists.fripost.org/schleuder/