Use Anonymous user to obtain FAST armor ccache

The anonymous user allows the framework to obtain an armor ccache without relying on usable credentials, either via a keytab or a pkinit and public certificates. This will be needed once the HTTP keytab is moved away for privilege separation. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-12-02 06:48:35 -0500
committer: Jan Cholasta <jcholast@redhat.com> 2017-02-15 07:13:37 +0100
commit: b6741d81e187fc84177c12ef8ad900d3b5cda6a4 (patch)
tree: 32e5c708bb5f5c2d3552d34c881facc890ee4cf8 /ipaplatform
parent: b109f5d850ce13585d4392ca48896dc069a746e5 (diff)
download: freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.tar.gz
freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.tar.xz
freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index d62ffa224..374a1987b 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -50,6 +50,7 @@ class BasePathNamespace(object):
     HTTPD_NSS_CONF = "/etc/httpd/conf.d/nss.conf"
     HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
     IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
+    ANON_KEYTAB = "/var/lib/ipa/api/anon.keytab"
     HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf"
     IDMAPD_CONF = "/etc/idmapd.conf"
     ETC_IPA = "/etc/ipa"
author	Simo Sorce <simo@redhat.com>	2016-12-02 06:48:35 -0500
committer	Jan Cholasta <jcholast@redhat.com>	2017-02-15 07:13:37 +0100
commit	b6741d81e187fc84177c12ef8ad900d3b5cda6a4 (patch)
tree	32e5c708bb5f5c2d3552d34c881facc890ee4cf8 /ipaplatform
parent	b109f5d850ce13585d4392ca48896dc069a746e5 (diff)
download	freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.tar.gz freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.tar.xz freeipa-b6741d81e187fc84177c12ef8ad900d3b5cda6a4.zip