Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r-- | ipaserver/install/cainstance.py | 14 |
1 files changed, 2 insertions, 12 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f31bdc6d2..69921a33a 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -56,6 +56,7 @@ PKI_INSTANCE_NAME="pki-ca"
 AGENT_SECURE_PORT=9443
 EE_SECURE_PORT=9444
 ADMIN_SECURE_PORT=9445
+EE_CLIENT_AUTH_PORT=9446
 UNSECURE_PORT=9180
 TOMCAT_SERVER_PORT=9701
@@ -482,6 +483,7 @@ class CAInstance(service.Service):
 '-agent_secure_port', str(AGENT_SECURE_PORT),
 '-ee_secure_port', str(EE_SECURE_PORT),
 '-admin_secure_port', str(ADMIN_SECURE_PORT),
+ '-ee_secure_client_auth_port', str(EE_CLIENT_AUTH_PORT),
 '-unsecure_port', str(UNSECURE_PORT),
 '-tomcat_server_port', str(TOMCAT_SERVER_PORT),
 '-redirect', 'conf=/etc/pki-ca',
@@ -518,18 +520,6 @@ class CAInstance(service.Service):
 pent = pwd.getpwnam(self.pki_user)
 os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
- # Update the servlet mapping to so we use the agent interface rather
- # than the end-user interface. The agent interface always requires
- # client auth which lets us work work around the NSS change which
- # disallows renegotation (CVE-2009-3555)
- #
- # The spaces here, while ugly, are required because update_file()
- # escapes the incoming string.
- installutils.update_file('/var/lib/%s/webapps/ca/WEB-INF/web.xml' % PKI_INSTANCE_NAME,
- ' <url-pattern> /ee/ca/profileSubmitSSLClient </url-pattern>',
- ' <url-pattern> /agent/ca/profileSubmitSSLClient </url-pattern>'
-)
-
 logging.debug("restarting ca instance")
 try:
 self.restart() |
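Review bot: `EE_CLIENT_AUTH_PORT=9446` in the first hunk is added without a comment, while the last hunk deletes the only text in this file that explained why client-auth requests need special handling (the NSS change that disallows renegotiation, CVE-2009-3555). I would carry that rationale over to the constant, for example `# EE port dedicated to client-auth requests, so the TLS session need not renegotiate (CVE-2009-3555)`, assuming that is what the option configures. The constant also means one more listening port that host firewall and SELinux port rules have to cover; whether they do is not visible in this file.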
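Review bot: The `'-ee_secure_client_auth_port', str(EE_CLIENT_AUTH_PORT),` pair in the second hunk is passed unconditionally, so instance creation presumably fails if the installed PKI tooling predates that option; nothing here checks for it. A comment such as `# needs PKI tooling that supports -ee_secure_client_auth_port` would at least record the dependency, and the package version requirement would have to be raised elsewhere. The last hunk removes the web.xml remapping of `/ee/ca/profileSubmitSSLClient` to the agent interface, so client-certificate submissions now depend on callers using port 9446. Any caller still pointed at the old end-entity port would be back on the renegotiation path, and those callers are outside this diff (the diffstat is limited to this file). The enclosing method starts and ends outside the hunk.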