diff options
author | Simo Sorce <simo@redhat.com> | 2016-08-19 09:23:55 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-15 07:13:37 +0100 |
commit | c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a (patch) | |
tree | 8511e93ca9e8e1df6c504b8f18d2fec733686d26 /ipalib | |
parent | 11ef2cacbf2ebb67f80a0cf4a3e7b39da700188b (diff) | |
download | freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.tar.gz freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.tar.xz freeipa-c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a.zip |
Change session handling
Stop using memcache, use mod_auth_gssapi filesystem based ccaches.
Remove custom session handling, use mod_auth_gssapi and mod_session to
establish and keep a session cookie.
Add loopback to mod_auth_gssapi to do form absed auth and pass back a
valid session cookie.
And now that we do not remove ccaches files to move them to the
memcache, we can avoid the risk of pollutting the filesystem by keeping
a common ccache file for all instances of the same user.
https://fedorahosted.org/freeipa/ticket/5959
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/krb_utils.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipalib/krb_utils.py b/ipalib/krb_utils.py index d005a87b6..47d24c984 100644 --- a/ipalib/krb_utils.py +++ b/ipalib/krb_utils.py @@ -208,3 +208,5 @@ def get_credentials_if_valid(name=None, ccache_name=None): return None except gssapi.exceptions.ExpiredCredentialsError: return None + except gssapi.exceptions.GSSError: + return None |