[pkg-horde] Bug#312360: horde3: Here is a proposed configuration
Lionel Elie Mamane
lionel at mamane.lu
Wed Aug 23 22:06:08 UTC 2006
On Wed, Aug 23, 2006 at 10:17:42AM +0200, Ola Lundqvist wrote:
> I suggest to add this to the README.Debian file. We already have the
> alias part there as far as I can remember.
We already have everything in the README.Debian:
(...)in particular, you need the following to apply to the
For the webserver you also need to tell where your horde3 installation
is. This done by adding an alias to the apache configuration like
Alias /horde3 /usr/share/horde3
> On Wed, Aug 23, 2006 at 07:21:01AM +0200, Lionel Elie Mamane wrote:
>> On Tue, Aug 22, 2006 at 11:42:08AM -0400, Roberto C. Sanchez wrote:
>>> On Tue, Aug 22, 2006 at 03:53:28PM +0200, Jerome Warnier wrote:
>>>> Please put the attached file as /etc/horde/horde3/apache.conf and
>>>> link to it from /etc/apache/conf.d and /etc/apache2/conf.d. It will
>>>> work out-of-the-box and make everybody happy.
>>>> Alias /horde3 "/usr/share/horde3/"
>>>> <Directory "/usr/share/horde3">
>>>> Options Indexes MultiViews FollowSymLinks
>>>> AllowOverride None
>>>> Order allow,deny
>>>> Allow From all
>> If we put something automatically, I'd rather put:
>> Alias ...
>> <Directory "/usr/share/horde3">
>> Options FollowSymLinks
>> AllowOverride Limit
>> Order ...
>>> Are you crazy? I would not want an application which relies on
>>> authentication to the system to be accessible over a clear-text
>>> protocol my default. That is a decision that must be made by the
>>> system administrator.
>> It is not *that* bad... By default (in non-configured state) horde
>> does not rely on authentication to the system. Just anybody can
>> access the configuration interface without authentication. :-) So,
>> when the administrator configures reliance on authentication, he
>> can also change the Apache-Horde config to require TLS/SSL.
>> My worry is more the upgrades. People already have a working config,
>> we drop the default config in addition to that, hell breaks loose. If
>> we can manage to do the "link to it" part only on new installs, not
>> upgrades, I'd feel better about it.
More information about the pkg-horde-hackers