Store session cookie in ccache for cli users

Try to use the URI /ipa/session/xml if there is a key in the kernel keyring. If there is no cookie or it turns out to be invalid (expired, whatever) then use the standard URI /ipa/xml. This in turn will create a session that the user can then use later. https://fedorahosted.org/freeipa/ticket/2331
author: Rob Crittenden <rcritten@redhat.com> 2012-06-06 22:54:16 -0400
committer: Martin Kosek <mkosek@redhat.com> 2012-06-14 14:02:26 +0200
commit: 54135ecd9a96f59429cfd535f3add282b535d3e3 (patch)
tree: ff1fc78a7ca3f705844cdc1c39a2253426b675df /install
parent: 0c96f5935607e3825ed76330d3375dec9689c8ba (diff)
download: freeipa-54135ecd9a96f59429cfd535f3add282b535d3e3.tar.gz
freeipa-54135ecd9a96f59429cfd535f3add282b535d3e3.tar.xz
freeipa-54135ecd9a96f59429cfd535f3add282b535d3e3.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index b52d9d2ff..b01a0c2b4 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,7 @@
 #
-# VERSION 5 - DO NOT REMOVE THIS LINE
+# VERSION 6 - DO NOT REMOVE THIS LINE
+#
+# This file may be overwritten on upgrades.
 #
 # LoadModule auth_kerb_module modules/mod_auth_kerb.so
 
@@ -66,6 +68,12 @@ KrbConstrainedDelegationLock ipa
   Allow from all
 </Location>
 
+<Location "/ipa/session/xml">
+  Satisfy Any
+  Order Deny,Allow
+  Allow from all
+</Location>
+
 <Location "/ipa/session/login_password">
   Satisfy Any
   Order Deny,Allow
author	Rob Crittenden <rcritten@redhat.com>	2012-06-06 22:54:16 -0400
committer	Martin Kosek <mkosek@redhat.com>	2012-06-14 14:02:26 +0200
commit	54135ecd9a96f59429cfd535f3add282b535d3e3 (patch)
tree	ff1fc78a7ca3f705844cdc1c39a2253426b675df /install
parent	0c96f5935607e3825ed76330d3375dec9689c8ba (diff)
download	freeipa-54135ecd9a96f59429cfd535f3add282b535d3e3.tar.gz freeipa-54135ecd9a96f59429cfd535f3add282b535d3e3.tar.xz freeipa-54135ecd9a96f59429cfd535f3add282b535d3e3.zip