diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-06-05 05:02:58 -0400 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-06-05 19:12:46 +0200 |
commit | 355b6d416d800692f7028e057ff76aab9f8c0470 (patch) | |
tree | efd11c6d315f8c06be59a32db69f291a22bbd67e /install/conf | |
parent | 8b3bc99a737edb9178e115c188d60d963f73e50c (diff) | |
download | freeipa-355b6d416d800692f7028e057ff76aab9f8c0470.tar.gz freeipa-355b6d416d800692f7028e057ff76aab9f8c0470.tar.xz freeipa-355b6d416d800692f7028e057ff76aab9f8c0470.zip |
ipa-pki-proxy: allow certificate and password authentication
ipa-replica-install --setup-ca is failing because the security
domain login attempts password authentication, but the current
ipa-pki-proxy requires certificate authentication.
Set NSSVerifyClient optional to allow both certificate and password
authentication to work.
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/conf')
-rw-r--r-- | install/conf/ipa-pki-proxy.conf | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index 366ca15a1..354b340f0 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -1,4 +1,4 @@ -# VERSION 6 - DO NOT REMOVE THIS LINE +# VERSION 7 - DO NOT REMOVE THIS LINE ProxyRequests Off @@ -27,9 +27,16 @@ ProxyRequests Off </LocationMatch> # matches for REST API -<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/profiles"> +<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate - NSSVerifyClient require + NSSVerifyClient optional + ProxyPassMatch ajp://localhost:$DOGTAG_PORT + ProxyPassReverse ajp://localhost:$DOGTAG_PORT +</LocationMatch> + +<LocationMatch "^/ca/rest/profiles"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient none ProxyPassMatch ajp://localhost:$DOGTAG_PORT ProxyPassReverse ajp://localhost:$DOGTAG_PORT </LocationMatch> |