diff options
author | Simo Sorce <simo@redhat.com> | 2017-03-06 13:46:44 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2017-03-06 13:46:44 -0500 |
commit | 513c118d741594bf6bab6302a4b24c23168c4c44 (patch) | |
tree | 9346a80b31215eacdac8bd5c5de9717a7cdacc7d | |
parent | 30d7c210a4d153fcb5007651a80d8d53512abba3 (diff) | |
download | freeipa-513c118d741594bf6bab6302a4b24c23168c4c44.tar.gz freeipa-513c118d741594bf6bab6302a4b24c23168c4c44.tar.xz freeipa-513c118d741594bf6bab6302a4b24c23168c4c44.zip |
Add options to allow ticket caching
This new option (planned to land in gssproxy 0.7) we cache the ldap
ticket properly and avoid a ticket lookup to the KDC on each and every
ldap connection. (Also requires krb5 libs 1.15.1 to benefit from caching).
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | install/share/gssproxy.conf.template | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index fbb158a68..9d111009f 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,6 +4,7 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true + allow_client_ccache_sync = true cred_usage = both euid = $HTTPD_USER @@ -12,5 +13,6 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_constrained_delegation = true + allow_client_ccache_sync = true cred_usage = initiate euid = $IPAAPI_USER |