7.8.9. Configuring OpenShift Enterprise Authentication
httpdservice to handle authentication and pass on the authenticated user, or "remote user". Therefore, it is necessary to configure authentication in
httpd. In a production environment, you can configure
httpdto use LDAP, Kerberos, or another industrial-strength technology. This example uses Apache Basic Authentication and a
htpasswdfile to configure authentication.
Procedure 7.15. To Configure Authentication for the OpenShift Enterprise Broker:
- Copy the example file to the correct location. This configures
/etc/openshift/htpasswdfor its password file.
# cp /var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user-basic.conf.sample /var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user.conf
/var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user.conffile must be readable by Apache for proper authentication. Red Hat recommends not making the file unreadable by
- Create the
htpasswdfile with an initial user "demo":
# htpasswd -c /etc/openshift/htpasswd demoNew password: Re-type new password: Adding password for user demo
configure_httpd_authfunction performs these steps. The script creates the
demouser with a default password, which is set to
changemein OpenShift Enterprise 2.0 and prior releases. With OpenShift Enterprise 2.1 and later, the default password is randomized and displayed after the installation completes. The
demouser is intended for testing an installation, and must not be enabled in a production installation.