diff options
author | Simo Sorce <simo@redhat.com> | 2016-12-02 06:48:35 -0500 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-15 07:13:37 +0100 |
commit | b6741d81e187fc84177c12ef8ad900d3b5cda6a4 (patch) | |
tree | 32e5c708bb5f5c2d3552d34c881facc890ee4cf8 /ipaplatform | |
parent | b109f5d850ce13585d4392ca48896dc069a746e5 (diff) | |
download | freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.tar.gz freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.tar.xz freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.zip |
Use Anonymous user to obtain FAST armor ccache
The anonymous user allows the framework to obtain an armor ccache without
relying on usable credentials, either via a keytab or a pkinit and
public certificates. This will be needed once the HTTP keytab is moved away
for privilege separation.
https://fedorahosted.org/freeipa/ticket/5959
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaplatform')
-rw-r--r-- | ipaplatform/base/paths.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index d62ffa224..374a1987b 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -50,6 +50,7 @@ class BasePathNamespace(object): HTTPD_NSS_CONF = "/etc/httpd/conf.d/nss.conf" HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf" IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab" + ANON_KEYTAB = "/var/lib/ipa/api/anon.keytab" HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf" IDMAPD_CONF = "/etc/idmapd.conf" ETC_IPA = "/etc/ipa" |