Changes between Initial Version and Version 1 of RubyCASServer


Ignore:
Timestamp:
Oct 27, 2011 11:29:26 AM (13 years ago)
Author:
brose
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • RubyCASServer

    v1 v1  
     1RUBYCAS SERVER USING MOD_PASSENGER, LOCAL MYSQL DATABASE, AND LDAP AUTH ON PUIAS[[BR]]
     2[[BR]]
     3[root@localhost ~]# yum install puias-{addons,unsupported}[[BR]]
     4[root@localhost ~]# yum install rubygem-rubycas-server ruby-mysql mod_ssl mod_passenger mysql-server rubygem-net-ldap[[BR]]
     5[[BR]]
     6Open /etc/sysconfig/iptables and allow port 443 (https) traffic:[[BR]]
     7-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT[[BR]]
     8[[BR]]
     9Create the file /usr/lib/ruby/gems/1.8/gems/rubycas-server-1.0/config.ru[[BR]]
     10See the example in this folder.[[BR]]
     11[[BR]]
     12Configure httpd:[[BR]]
     13[root@localhost ~]# chkconfig httpd on[[BR]]
     14[root@localhost ~]# rm -f /etc/httpd/conf.d/welcome.conf[[BR]]
     15Configure /etc/httpd/conf.d/ssl.conf as per the given example[[BR]]
     16[[BR]]
     17Create a test cert and key for httpd - BE SURE TO REPLACE THESE IN PRODUCTION:[[BR]]
     18[root@localhost ~]# cd /etc/pki/tls/certs[[BR]]
     19[root@localhost ~]# make httpd.pem[[BR]]
     20[Fill out the questionaire][[BR]]
     21[[BR]]
     22Configure MySQL:[[BR]]
     23[root@localhost ~]# chkconfig mysqld on[[BR]]
     24[root@localhost ~]# service mysqld start[[BR]]
     25[root@localhost ~]# /usr/bin/mysql_secure_installation[[BR]]
     26Fill out the questions, be sure to set a new root password and remove all test accounts/dbs.[[BR]]
     27[root@localhost ~]# mysql -u root -p[[BR]]
     28mysql> create database casserver;[[BR]]
     29mysql> use casserver;[[BR]]
     30mysql> source /path/to/create_rubycas_mysql_db.sql[[BR]]
     31[[BR]]
     32Create and configure the file /etc/rubycas-server/config.yml[[BR]]
     33See example in this folder.[[BR]]
     34[[BR]]
     35At this point, you can test your implementation:[[BR]]
     36[root@localhost ~]# setenforce 0[[BR]]
     37[root@localhost ~]# service httpd start[[BR]]
     38[[BR]]
     39Note that I disabled SELinux. This should be used only for testing purposes, to generate policy files.[[BR]]
     40Please see rubycas-server.te in this directory for an example SELinux policy file that worked for me.[[BR]]