diff options
| author | David Kupka <dkupka@redhat.com> | 2015-03-30 04:17:55 -0400 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-03-30 13:06:12 +0000 |
| commit | 5a03462bfc94d09192c935b2a158958481d1df01 (patch) | |
| tree | 018d71021985eae16039dd1f417c3e4753873b53 /install/conf | |
| parent | 8c72e2efad4e375af55b5a167153f2d1447624d4 (diff) | |
| download | freeipa-5a03462bfc94d09192c935b2a158958481d1df01.tar.gz freeipa-5a03462bfc94d09192c935b2a158958481d1df01.tar.xz freeipa-5a03462bfc94d09192c935b2a158958481d1df01.zip | |
Use mod_auth_gssapi instead of mod_auth_kerb.
https://fedorahosted.org/freeipa/ticket/4190
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'install/conf')
| -rw-r--r-- | install/conf/ipa.conf | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 62ee955ec..871fab824 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -3,7 +3,6 @@ # # This file may be overwritten on upgrades. # -# LoadModule auth_kerb_module modules/mod_auth_kerb.so ProxyRequests Off @@ -61,19 +60,14 @@ WSGIScriptReloading Off SetHandler None </Location> -KrbConstrainedDelegationLock ipa - # Protect /ipa and everything below it in webspace with Apache Kerberos auth <Location "/ipa"> - AuthType Kerberos + AuthType GSSAPI AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd off - KrbServiceName HTTP - KrbAuthRealms $REALM - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - KrbConstrainedDelegation on + GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab + GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab + GssapiDelegCcacheDir /var/run/httpd/clientcaches + GssapiUseS4U2Proxy on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html </Location> |