author | Rob Crittenden <rcritten@redhat.com> | 2012-01-10 22:39:26 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-01-10 22:39:26 -0500 |
commit | c08296adff58517934b3ea3e4a6581b55fbc2d0c (patch) | |
tree | c2d8eae25edb6d6b7b51cc53759c2fcd6dcdae6f /ipaserver | |
parent | 74857a8ee465819b262c3445ea22119196e92c5e (diff) | |
Configure s4u2proxy during installation.
This creates a new container, cn=s4u2proxy,cn=etc,$SUFFIX
Within that container we control which services are allowed to
delegate tickets for other services. Right now that is limited
to delegation from the IPA HTTP services to the ldap services.
Requires a version of mod_auth_kerb that supports s4u2proxy
https://fedorahosted.org/freeipa/ticket/1098
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/httpinstance.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 79b617289..7fa19c108 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -136,6 +136,9 @@ class HTTPInstance(service.Service):
 pent = pwd.getpwnam("apache")
 os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
+ # Clean up existing ccache
+ installutils.remove_file('/tmp/krb5cc_%d' % pent.pw_uid)
+
 def __configure_http(self):
 target_fname = '/etc/httpd/conf.d/ipa.conf'
 http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict) |
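Review bot: The added `installutils.remove_file('/tmp/krb5cc_%d' % pent.pw_uid)` runs during installation (presumably as root) against a predictable name in world-writable /tmp, and the hunk does not show what `remove_file` does when that entry is a symlink, a directory, or owned by someone other than apache. It is worth confirming that the helper unlinks the entry itself without following it and tolerates a missing file, since nothing here guarantees the file was created by httpd. The comment could also say why the cache is removed, e.g. `# Remove any stale apache ccache so httpd gets fresh tickets from the new keytab` (my reading of the intent; adjust if wrong). The path covers only the default FILE ccache name, so a cache configured elsewhere would be left behind. The enclosing method starts above the hunk.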