Change session handling

Stop using memcache, use mod_auth_gssapi filesystem based ccaches.
Remove custom session handling, use mod_auth_gssapi and mod_session to
establish and keep a session cookie.
Add loopback to mod_auth_gssapi to do form absed auth and pass back a
valid session cookie.
And now that we do not remove ccaches files to move them to the
memcache, we can avoid the risk of pollutting the filesystem by keeping
a common ccache file for all instances of the same user.

https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>

3 files changed, 4 insertions, 1 deletions

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 715912d8b..6f35a329e 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -86,7 +86,9 @@ dist_app_DATA =				\
 	vault.ldif			\
 	kdcproxy-enable.uldif		\
 	kdcproxy-disable.uldif		\
-	ipa-httpd.conf.template
+	ipa-httpd.conf.template		\
+	gssapi.login			\
+	$(NULL)
 
 kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
 dist_kdcproxyconf_DATA =			\
diff --git a/install/share/gssapi.login b/install/share/gssapi.login
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/install/share/gssapi.login
diff --git a/install/share/memcache-remove.uldif b/install/share/memcache-remove.uldif
new file mode 100644
index 000000000..e6ca1a617
--- /dev/null
+++ b/install/share/memcache-remove.uldif
@@ -0,0 +1 @@
+deleteentry: cn=MEMCACHE,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX