freeipa/ipa-client
Rob Crittenden 2d6eeb205e Require an HTTP Referer header in the server. Send one in ipa tools.
This is to prevent a Cross-Site Request Forgery (CSRF) attack where
a rogue server tricks a user who was logged into the FreeIPA
management interface into visiting a specially-crafted URL where
the attacker could perform FreeIPA oonfiguration changes with the
privileges of the logged-in user.

https://bugzilla.redhat.com/show_bug.cgi?id=747710
2011-12-12 17:36:45 -05:00
..
firefox Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
ipa-install Require an HTTP Referer header in the server. Send one in ipa tools. 2011-12-12 17:36:45 -05:00
ipaclient Check through all LDAP servers in the domain during IPA discovery 2011-12-09 00:19:57 -05:00
man Fix ipa-client-install -U option alignment 2011-10-14 10:35:15 +02:00
AUTHORS Fix build from autoconf patch import. 0001-01-01 00:00:00 +00:00
config.c Fix coverity issues in client CLI tools 2011-11-23 00:30:41 -05:00
configure.ac Add configure check for libintl.h 2011-11-16 18:35:19 -05:00
ipa-client-common.c Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
ipa-client-common.h include <stdint.h> for uintptr_t 2011-09-22 09:42:11 -04:00
ipa-client.spec.in Fix versioning for configure.ac and ipa-python/setup.py 2008-08-11 18:31:05 -04:00
ipa-getkeytab.c Fix coverity issues in client CLI tools 2011-11-23 00:30:41 -05:00
ipa-join.c Require an HTTP Referer header in the server. Send one in ipa tools. 2011-12-12 17:36:45 -05:00
ipa-rmkeytab.c Bad return values for ipa-rmkeytab command 2011-05-03 15:19:07 +02:00
Makefile.am Add configure check for libintl.h 2011-11-16 18:35:19 -05:00
NEWS Fix build from autoconf patch import. 0001-01-01 00:00:00 +00:00
README Add a copy of the LICENSE and populate some README's 2008-01-23 10:30:18 -05:00
version.m4.in Fix versioning for configure.ac and ipa-python/setup.py 2008-08-11 18:31:05 -04:00

Code to be installed on any client that wants to be in an IPA domain.

Mostly consists of a tool for Linux systems that will help configure the
client so it will work properly in a kerberized environment.

It also includes several ways to configure Firefox to do single sign-on.

The two methods on the client side are:

1. globalsetup.sh. This modifies the global Firefox installation so that
   any profiles created will be pre-configured.

2. usersetup.sh. This will update a user's existing profile.

The downside of #1 is that an rpm -V will return a failure. It will also
need to be run with every update of Firefox.

One a profile contains the proper preferences it will be unaffected by
upgrades to Firefox. 

The downside of #2 is that every user would need to run this each time they
create a new profile.

There is a third, server-side method. See ipa-server/README for details.