diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-23 09:04:21 +0100 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-23 09:52:22 +0100 |
commit | 3575243b49923894bea86f74f5c4ae31793b8479 (patch) | |
tree | 65c976d1a53f2a330571779d8c56a0155c8d9f8d /README | |
parent | 79170d640088d972e0853269715ef419038b8b4c (diff) | |
download | mod_authnz_pam-3575243b49923894bea86f74f5c4ae31793b8479.tar.gz mod_authnz_pam-3575243b49923894bea86f74f5c4ae31793b8479.tar.xz mod_authnz_pam-3575243b49923894bea86f74f5c4ae31793b8479.zip |
Change default redirect status for AuthPAMExpiredRedirect to 303 See Other, make it configurable.
Redirect to reset password typically goes to different system,
so repeating for example POST which 307 Temporary Redirect does
is not that useful; the 303 See Other will do plain GET.
The redirect status can be overriden with an optional second parameter
to AuthPAMExpiredRedirect.
Diffstat (limited to 'README')
-rw-r--r-- | README | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -95,7 +95,7 @@ two separate account PAM checks during the Basic Authentication. Handling expired password: - AuthPAMExpiredRedirect <URL> + AuthPAMExpiredRedirect <URL> [<status>] For both the authorization and HTTP Basic authentication case, if the password the user has presented has expired (PAM return codes @@ -117,6 +117,9 @@ For example for FreeIPA 4.1+, the value can actually be https://<IPA-server>/ipa/ui/reset_password.html?url=%s +By default the redirect is done using 303 See Other. The redirect +status can be specified as numerical value in the 3xx range. + SELinux: On SELinux enabled systems, boolean httpd_mod_auth_pam needs to |