pvl.login: do not store invalid pubtkt's in self.pubtkt; implement a ssl client cert ca
#!/usr/bin/python
"""
pvl.verkko.rrd wsgi development server
"""
import pvl.args
import pvl.ldap.args
import pvl.login.auth
import pvl.login.server
import pvl.login.ssl
import pvl.web.args
import optparse
import logging; log = logging.getLogger('pvl.login-server')
def main(argv):
    """
    pvl.login server
    """
    # NOTE: main.__doc__ is handed to OptionParser below as its usage text, so
    # the docstring above is user-visible output; further documentation for
    # this function belongs in comments like this one.
    parser = optparse.OptionParser(main.__doc__)

    # Register the option groups in a fixed order: general, web, ldap.
    for make_group in (pvl.args.parser, pvl.web.args.parser, pvl.ldap.args.parser):
        parser.add_option_group(make_group(parser))

    # Positional arguments are parsed but not used by this script.
    opts, _positional = parser.parse_args(argv[1:])

    # Apply the general options first (what this configures is defined in
    # pvl.args, which is not visible here).
    pvl.args.apply(opts)

    # LDAP handle built from the parsed options; it backs the authenticator.
    directory = pvl.ldap.args.apply(opts)

    # Authentication backend for the login application.
    login_auth = pvl.login.auth.LDAPAuth(directory)

    # Client-certificate CA. Both paths are relative, so they resolve against
    # the working directory of the process at startup.
    # NOTE(review): the names suggest 'ssl/userca' holds the CA's own material
    # and 'ssl/users' the per-user output -- confirm against pvl.login.ssl.
    # If so, start the service from a fixed directory and keep that ssl/ tree
    # readable and writable by the service account only.
    users_ca = pvl.login.ssl.UsersCA('ssl/userca', 'ssl/users')

    # WSGI application.
    app = pvl.web.args.apply(
        opts,
        pvl.login.server.LoginApplication,
        auth=login_auth,
        ssl=users_ca,
    )

    # Behind a reverse proxy: ProxyFix rewrites the WSGI environ (client
    # address, host, URL scheme) from the X-Forwarded-* request headers.
    # It is applied unconditionally, so those headers are trusted from any
    # peer. The listener should therefore only be reachable through the
    # proxy, and the proxy should overwrite (not pass through) any
    # client-supplied X-Forwarded-* values; otherwise the address and scheme
    # seen by the login code are client-controlled.
    # NOTE(review): werkzeug.contrib was removed in Werkzeug 1.0; newer
    # releases provide ProxyFix in werkzeug.middleware.proxy_fix with
    # different trust defaults -- check the pinned Werkzeug version.
    from werkzeug.contrib.fixers import ProxyFix
    app = ProxyFix(app)

    # Serve the wrapped application; the result is deliberately not returned.
    pvl.web.args.main(opts, app)
# Script entry point. The main callable is passed to pvl.args.main rather than
# invoked directly; how argv is supplied and how the exit status is produced
# is decided inside pvl.args.main, which is not shown on this page.
if __name__ == "__main__":
    pvl.args.main(main)