diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-09-23 11:46:59 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-09-23 20:41:08 +0200 |
| commit | f42da4357eac7e64e803b53c78d6cff9175d20a4 (patch) | |
| tree | 00de5b71df5c0161cd70ff4fe37ed4758ef28749 | |
| parent | 188cc5c49617ba09d5cbbd6b4e27ec7bcf472d20 (diff) | |
| download | freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.gz freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.tar.xz freeipa-f42da4357eac7e64e803b53c78d6cff9175d20a4.zip | |
Always require SSL in the Kerberos authorization block.
This also corrects a slight bug where if add is True then we always
re-update the file.
https://fedorahosted.org/freeipa/ticket/1755
| -rw-r--r-- | install/conf/ipa.conf | 3 | ||||
| -rw-r--r-- | install/tools/ipa-upgradeconfig | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 72e3e4c0..2339387a 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 2 - DO NOT REMOVE THIS LINE +# VERSION 3 - DO NOT REMOVE THIS LINE # # LoadModule auth_kerb_module modules/mod_auth_kerb.so @@ -45,6 +45,7 @@ WSGIScriptReloading Off # Protect /ipa with Kerberos <Location "/ipa"> + NSSRequireSSL AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 1b08382e..cae0964d 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -116,7 +116,7 @@ def upgrade(sub_dict, filename, template, add=False): if new < 0: print "%s not found." % template - if old < new or add: + if old < new: backup_file(filename, new) update_conf(sub_dict, filename, template) print "Upgraded %s to version %d" % (filename, new) |