Add options to allow ticket caching

This new option (planned to land in gssproxy 0.7) we cache the ldap
ticket properly and avoid a ticket lookup to the KDC on each and every
ldap connection. (Also requires krb5 libs 1.15.1 to benefit from caching).

Ticket: https://pagure.io/freeipa/issue/6771

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Simo Sorce 2017-03-06 13:46:44 -05:00 committed by Martin Babinsky
parent 9ac62bec44
commit 4ee7e4ee6d

View File

@ -4,6 +4,7 @@
cred_store = keytab:$HTTP_KEYTAB
cred_store = client_keytab:$HTTP_KEYTAB
allow_protocol_transition = true
allow_client_ccache_sync = true
cred_usage = both
euid = $HTTPD_USER
@ -12,5 +13,6 @@
cred_store = keytab:$HTTP_KEYTAB
cred_store = client_keytab:$HTTP_KEYTAB
allow_constrained_delegation = true
allow_client_ccache_sync = true
cred_usage = initiate
euid = $IPAAPI_USER