summaryrefslogtreecommitdiffstats
path: root/install/conf/ipa.conf
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-09-23 11:46:59 -0400
committerMartin Kosek <mkosek@redhat.com>2011-09-23 20:41:08 +0200
commitf42da4357eac7e64e803b53c78d6cff9175d20a4 (patch)
tree00de5b71df5c0161cd70ff4fe37ed4758ef28749 /install/conf/ipa.conf
parent188cc5c49617ba09d5cbbd6b4e27ec7bcf472d20 (diff)
downloadfreeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.gz
freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.xz
freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.zip
Always require SSL in the Kerberos authorization block.
This also corrects a slight bug where if add is True then we always re-update the file. https://fedorahosted.org/freeipa/ticket/1755
Diffstat (limited to 'install/conf/ipa.conf')
-rw-r--r--install/conf/ipa.conf3
1 files changed, 2 insertions, 1 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 72e3e4c01..2339387a7 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,5 @@
#
-# VERSION 2 - DO NOT REMOVE THIS LINE
+# VERSION 3 - DO NOT REMOVE THIS LINE
#
# LoadModule auth_kerb_module modules/mod_auth_kerb.so
@@ -45,6 +45,7 @@ WSGIScriptReloading Off
# Protect /ipa with Kerberos
<Location "/ipa">
+ NSSRequireSSL
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on