Always require SSL in the Kerberos authorization block.

This also corrects a slight bug where if add is True then we always re-update the file. https://fedorahosted.org/freeipa/ticket/1755
author: Rob Crittenden <rcritten@redhat.com> 2011-09-23 11:46:59 -0400
committer: Martin Kosek <mkosek@redhat.com> 2011-09-23 20:41:08 +0200
commit: f42da4357eac7e64e803b53c78d6cff9175d20a4 (patch)
tree: 00de5b71df5c0161cd70ff4fe37ed4758ef28749 /install/conf/ipa.conf
parent: 188cc5c49617ba09d5cbbd6b4e27ec7bcf472d20 (diff)
download: freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.gz
freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.xz
freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 72e3e4c01..2339387a7 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,5 @@
 #
-# VERSION 2 - DO NOT REMOVE THIS LINE
+# VERSION 3 - DO NOT REMOVE THIS LINE
 #
 # LoadModule auth_kerb_module modules/mod_auth_kerb.so
 
@@ -45,6 +45,7 @@ WSGIScriptReloading Off
 
 # Protect /ipa with Kerberos
 <Location "/ipa">
+  NSSRequireSSL
   AuthType Kerberos
   AuthName "Kerberos Login"
   KrbMethodNegotiate on
author	Rob Crittenden <rcritten@redhat.com>	2011-09-23 11:46:59 -0400
committer	Martin Kosek <mkosek@redhat.com>	2011-09-23 20:41:08 +0200
commit	f42da4357eac7e64e803b53c78d6cff9175d20a4 (patch)
tree	00de5b71df5c0161cd70ff4fe37ed4758ef28749 /install/conf/ipa.conf
parent	188cc5c49617ba09d5cbbd6b4e27ec7bcf472d20 (diff)
download	freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.gz freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.xz freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.zip