mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Add options to allow ticket caching
This new option (planned to land in gssproxy 0.7) we cache the ldap ticket properly and avoid a ticket lookup to the KDC on each and every ldap connection. (Also requires krb5 libs 1.15.1 to benefit from caching). Ticket: https://pagure.io/freeipa/issue/6771 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
9ac62bec44
commit
4ee7e4ee6d
@ -4,6 +4,7 @@
|
||||
cred_store = keytab:$HTTP_KEYTAB
|
||||
cred_store = client_keytab:$HTTP_KEYTAB
|
||||
allow_protocol_transition = true
|
||||
allow_client_ccache_sync = true
|
||||
cred_usage = both
|
||||
euid = $HTTPD_USER
|
||||
|
||||
@ -12,5 +13,6 @@
|
||||
cred_store = keytab:$HTTP_KEYTAB
|
||||
cred_store = client_keytab:$HTTP_KEYTAB
|
||||
allow_constrained_delegation = true
|
||||
allow_client_ccache_sync = true
|
||||
cred_usage = initiate
|
||||
euid = $IPAAPI_USER
|
||||
|
Loading…
Reference in New Issue
Block a user