Merge branch 'kerberos_config' into 'master'
Add kerberos configuration settings. Closes #731 See merge request !446
This commit is contained in:
commit
40fc4a8687
|
@ -76,6 +76,15 @@ external_url 'GENERATED_EXTERNAL_URL'
|
|||
# sync_ssh_keys: false
|
||||
# EOS
|
||||
|
||||
## Setting up Kerberos (EE only)
|
||||
## See http://doc.gitlab.com/ee/integration/kerberos.html#http-git-access
|
||||
# gitlab_rails['kerberos_enabled'] = true
|
||||
# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
|
||||
# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
|
||||
# gitlab_rails['kerberos_use_dedicated_port'] = true
|
||||
# gitlab_rails['kerberos_port'] = 8443
|
||||
# gitlab_rails['kerberos_https'] = true
|
||||
|
||||
## For setting up omniauth
|
||||
## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#omniauth-google-twitter-github-login
|
||||
|
||||
|
|
|
@ -108,6 +108,13 @@ default['gitlab']['gitlab-rails']['ldap_sync_time'] = nil
|
|||
default['gitlab']['gitlab-rails']['ldap_active_directory'] = nil
|
||||
####
|
||||
|
||||
default['gitlab']['gitlab-rails']['kerberos_enabled'] = nil
|
||||
default['gitlab']['gitlab-rails']['kerberos_keytab'] = nil
|
||||
default['gitlab']['gitlab-rails']['kerberos_service_principal_name'] = nil
|
||||
default['gitlab']['gitlab-rails']['kerberos_use_dedicated_port'] = nil
|
||||
default['gitlab']['gitlab-rails']['kerberos_port'] = nil
|
||||
default['gitlab']['gitlab-rails']['kerberos_https'] = nil
|
||||
|
||||
default['gitlab']['gitlab-rails']['omniauth_enabled'] = false
|
||||
default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil
|
||||
default['gitlab']['gitlab-rails']['omniauth_auto_sign_in_with_provider'] = nil
|
||||
|
|
|
@ -118,6 +118,29 @@ production: &base
|
|||
sync_time: <%= @ldap_sync_time %>
|
||||
<% end %>
|
||||
|
||||
## Kerberos settings
|
||||
kerberos:
|
||||
# Allow the HTTP Negotiate authentication method for Git clients
|
||||
enabled: <%= @kerberos_enabled %>
|
||||
|
||||
# Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
|
||||
# and should be different from other keytabs in the system.
|
||||
# (default: use default keytab from Krb5 config)
|
||||
keytab: <%= @kerberos_keytab %>
|
||||
|
||||
# The Kerberos service name to be used by GitLab.
|
||||
# (default: accept any service name in keytab file)
|
||||
service_principal_name: <%= @kerberos_service_principal_name %>
|
||||
|
||||
# Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
|
||||
# To support both Basic and Negotiate methods with older versions of Git, configure
|
||||
# nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
|
||||
# to dedicate this port to Kerberos authentication. (default: false)
|
||||
use_dedicated_port: <%= @kerberos_use_dedicated_port %>
|
||||
port: <%= @kerberos_port %>
|
||||
https: <%= @kerberos_https %>
|
||||
|
||||
|
||||
## OmniAuth settings
|
||||
omniauth:
|
||||
# Allow login via Twitter, Google, etc. using OmniAuth providers
|
||||
|
|
Loading…
Reference in New Issue