- using latest version of lib-apache2-mod-authpubtkt
- upgraded keys to 4096-bit RSA
- upgraded hashing algorithm to sha512
Plinth needs dependency on libapache2-mod-auth-pubtkt >= 0.11
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Solves bug #890
- Since Apache might be started before Plinth setup is ever run, we
have to handle the case where the auth_pubtkt module may not be available.
- Install mod_auth_pubtkt and generate public/private key-pair.
- Redirect user to login page if no cookie is presented.
- Add check for authenticated user for login page.
- Temporarily switched to DSA because of a bug in mod_auth_pubtkt
which causes it to accept only DSA and not RSA. Also had to use SHA1
instead of SHA256.
- Enabled SSO for Syncthing, Repro and TT-RSS.
- Using tokens to authorize by user groups.
- Generate keys during first boot.
- Redirect /syncthing to /syncthing/ as the daemon does not work
without a slash at the end.
- Create a separate include file for LDAP authentication
configuration that can be included on other app configurations.
