freeipa/ipaserver
Alexander Bokovoy ec73de969f Secure AJP connector between Dogtag and Apache proxy
AJP implementation in Tomcat is vulnerable to CVE-2020-1938 if used
without shared secret. Set up a shared secret between localhost
connector and Apache mod_proxy_ajp pass-through.

For existing secured AJP pass-through make sure the option used for
configuration on the tomcat side is up to date. Tomcat 9.0.31.0
deprecated 'requiredSecret' option name in favor of 'secret'. Details
can be found at https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x

Fixes: https://pagure.io/freeipa/issue/8221

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-03-11 17:41:17 +01:00
..
advise smartcard: make the ipa-advise script compatible with authselect/authconfig 2019-11-08 12:57:54 +01:00
dnssec Add ODS manager abstraction to ipaplatform 2019-04-24 14:08:20 +02:00
install Secure AJP connector between Dogtag and Apache proxy 2020-03-11 17:41:17 +01:00
plugins ipa-adtrust-install: remote command fails if ipa-server-trust-ad pkg missing 2020-03-10 18:21:50 +01:00
secrets NSSWrappedCertDB: accept optional symmetric algorithm 2019-09-25 12:42:06 +10:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
dcerpc_common.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
dcerpc.py Fix get_trusted_domain_object_from_sid() 2019-12-12 09:58:16 +01:00
dns_data_management.py Removed unnecessary imports after code review. 2019-09-27 09:38:32 +02:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
masters.py Add hidden replica feature 2019-03-28 17:57:58 +01:00
p11helper.py Add PKCS#11 module name to p11helper errors 2019-07-25 15:16:33 -04:00
rpcserver.py AD user without override receive InternalServerError with API 2020-01-10 17:07:57 +01:00
servroles.py Consider configured servers as valid 2019-04-29 16:51:40 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
topology.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00