authorSimo Sorce <simo@redhat.com>2017-03-06 13:46:44 -0500
committerMartin Babinsky <mbabinsk@redhat.com>2017-03-16 13:10:37 +0100
commit4ee7e4ee6d6500d8b8935c9033388adc4cdbe672 (patch)
tree042617ff1b21c2bdde51d8b19ad24b2687ff6f58
parent9ac62bec44b642838cbb175d94efd90acb417ecc (diff)
Add options to allow ticket caching
With this new option (planned to land in gssproxy 0.7) we cache the ldap ticket properly and avoid a ticket lookup to the KDC on each and every ldap connection. (Also requires krb5 libs 1.15.1 to benefit from caching.) Ticket: https://pagure.io/freeipa/issue/6771 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
-rw-r--r--install/share/gssproxy.conf.template2
1 files changed, 2 insertions, 0 deletions
diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template
index fbb158a68..9d111009f 100644
--- a/install/share/gssproxy.conf.template
+++ b/install/share/gssproxy.conf.template
@@ -4,6 +4,7 @@
cred_store = keytab:$HTTP_KEYTAB
cred_store = client_keytab:$HTTP_KEYTAB
allow_protocol_transition = true
+ allow_client_ccache_sync = true
cred_usage = both
euid = $HTTPD_USER
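Review bot: The new `allow_client_ccache_sync = true` line goes into the template unconditionally and without a comment, although the commit message says the option is only planned for gssproxy 0.7 and needs krb5 libs 1.15.1 to have any effect; the same applies to the second hunk (the `euid = $IPAAPI_USER` service). Nothing visible in this commit raises a packaging requirement, so on an older gssproxy the setting is presumably either ignored or rejected; it is worth confirming which and stating it. I would add a comment above each added line, e.g. `# needs gssproxy >= 0.7 and krb5 >= 1.15.1: lets the client keep the LDAP ticket cached instead of asking the KDC on every connection`. Because the second service also sets `allow_constrained_delegation = true`, the comment there should note that the credentials synced back to the client were obtained through delegation, so a reviewer can check who is able to read the client-side cache.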
@@ -12,5 +13,6 @@
cred_store = keytab:$HTTP_KEYTAB
cred_store = client_keytab:$HTTP_KEYTAB
allow_constrained_delegation = true
+ allow_client_ccache_sync = true
cred_usage = initiate
euid = $IPAAPI_USER