IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Store GSSAPI session key in /var/run/ipa

Browse Source 
Runtime data should be stored in /var/run instead of /etc/httpd/alias.
This change is also compatible with selinux policy.

https://pagure.io/freeipa/issue/6880

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Martin Basti 2017-04-20 10:39:08 +02:00 committed by Martin Babinsky
parent 0f42670afa
commit 2bab2d4963
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
install/conf/ipa.conf
View File

@ -1,5 +1,5 @@
#
# VERSION 25 - DO NOT REMOVE THIS LINE
# VERSION 26 - DO NOT REMOVE THIS LINE
#
# This file may be overwritten on upgrades.
#
@ -78,7 +78,7 @@ WSGIScriptReloading Off
SessionCookieName ipa_session path=/ipa;httponly;secure;
SessionHeader IPASESSION
SessionMaxAge 1800
GssapiSessionKey file:/etc/httpd/alias/ipasession.key
GssapiSessionKey file:/var/run/ipa/session.key
GssapiImpersonate On
GssapiDelegCcacheDir /var/run/ipa/ccaches
@ -127,7 +127,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
SessionCookieName ipa_session path=/ipa;httponly;secure;
SessionHeader IPASESSION
SessionMaxAge 1800
GssapiSessionKey file:/etc/httpd/alias/ipasession.key
GssapiSessionKey file:/var/run/ipa/session.key
Header unset Set-Cookie
</Location>