Change session handling

Stop using memcache, use mod_auth_gssapi filesystem based ccaches. Remove custom session handling, use mod_auth_gssapi and mod_session to establish and keep a session cookie. Add loopback to mod_auth_gssapi to do form absed auth and pass back a valid session cookie. And now that we do not remove ccaches files to move them to the memcache, we can avoid the risk of pollutting the filesystem by keeping a common ccache file for all instances of the same user. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-08-19 09:23:55 -0400
committer: Jan Cholasta <jcholast@redhat.com> 2017-02-15 07:13:37 +0100
commit: c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a (patch)
tree: 8511e93ca9e8e1df6c504b8f18d2fec733686d26 /ipalib
parent: 11ef2cacbf2ebb67f80a0cf4a3e7b39da700188b (diff)
download: freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.tar.gz
freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.tar.xz
freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/ipalib/krb_utils.py b/ipalib/krb_utils.py
index d005a87b6..47d24c984 100644
--- a/ipalib/krb_utils.py
+++ b/ipalib/krb_utils.py
@@ -208,3 +208,5 @@ def get_credentials_if_valid(name=None, ccache_name=None):
         return None
     except gssapi.exceptions.ExpiredCredentialsError:
         return None
+    except gssapi.exceptions.GSSError:
+        return None
author	Simo Sorce <simo@redhat.com>	2016-08-19 09:23:55 -0400
committer	Jan Cholasta <jcholast@redhat.com>	2017-02-15 07:13:37 +0100
commit	c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a (patch)
tree	8511e93ca9e8e1df6c504b8f18d2fec733686d26 /ipalib
parent	11ef2cacbf2ebb67f80a0cf4a3e7b39da700188b (diff)
download	freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.tar.gz freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.tar.xz freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.zip