diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-05-15 15:37:05 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-05-19 12:59:18 +0000 |
| commit | 7ff7b1f533cc10c44acf6020b545b253de1ad37b (patch) | |
| tree | e0dbc79f162350c4652bd6a247c1c302820e37cc /install/conf | |
| parent | 0167919ba88ef718e7b678380ebfe3ddb4566831 (diff) | |
| download | freeipa-7ff7b1f533cc10c44acf6020b545b253de1ad37b.tar.gz freeipa-7ff7b1f533cc10c44acf6020b545b253de1ad37b.tar.xz freeipa-7ff7b1f533cc10c44acf6020b545b253de1ad37b.zip | |
move IPA-related http runtime directories to common subdirectory
When both 'mod_auth_kerb' and 'mod_auth_gssapi' are installed at the same
time, they use common directory for storing Apache ccache file. Uninstallation
of 'mod_auth_kerb' removes this directory leading to invalid CCache path for
httpd and authentication failure.
Using an IPA-specific directory for credential storage during apache runtime
avoids this issue.
https://fedorahosted.org/freeipa/ticket/4973
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install/conf')
| -rw-r--r-- | install/conf/ipa.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 92637c04d..57de2f1a9 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 17 - DO NOT REMOVE THIS LINE +# VERSION 18 - DO NOT REMOVE THIS LINE # # This file may be overwritten on upgrades. # @@ -66,7 +66,7 @@ WSGIScriptReloading Off AuthName "Kerberos Login" GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab - GssapiDelegCcacheDir /var/run/httpd/clientcaches + GssapiDelegCcacheDir /var/run/httpd/ipa/clientcaches GssapiUseS4U2Proxy on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html |