Diffstat (limited to 'install')
| -rw-r--r-- | install/conf/ipa.conf | 22 | ||||
| -rw-r--r-- | install/share/Makefile.am | 4 | ||||
| -rw-r--r-- | install/share/gssapi.login | 0 | ||||
| -rw-r--r-- | install/share/memcache-remove.uldif | 1 |
4 files changed, 13 insertions, 14 deletions
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 3e7435903..6ae416353 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -63,10 +63,15 @@ WSGIScriptReloading Off <Location "/ipa"> AuthType GSSAPI AuthName "Kerberos Login" + GssapiUseSessions On + Session On + SessionCookieName ipa_session path=/ipa;httponly;secure; + SessionHeader IPASESSION + GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab GssapiDelegCcacheDir /var/run/httpd/ipa/clientcaches - GssapiDelegCcacheUnique On GssapiUseS4U2Proxy on GssapiAllowedMech krb5 Require valid-user @@ -77,19 +82,10 @@ WSGIScriptReloading Off Header always append Content-Security-Policy "frame-ancestors 'none'" </Location> -# Turn off Apache authentication for sessions -<Location "/ipa/session/json"> - Satisfy Any - Order Deny,Allow - Allow from all -</Location> - -<Location "/ipa/session/xml"> - Satisfy Any - Order Deny,Allow - Allow from all -</Location> +# Target for login with internal connections +Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" +# Turn off Apache authentication for password/token based login pages <Location "/ipa/session/login_password"> Satisfy Any Order Deny,Allow diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 715912d8b..6f35a329e 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -86,7 +86,9 @@ dist_app_DATA = \ vault.ldif \ kdcproxy-enable.uldif \ kdcproxy-disable.uldif \ - ipa-httpd.conf.template + ipa-httpd.conf.template \ + gssapi.login \ + $(NULL) kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy dist_kdcproxyconf_DATA = \ diff --git a/install/share/gssapi.login b/install/share/gssapi.login new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/install/share/gssapi.login 
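Review bot: The added `GssapiSessionKey file:/etc/httpd/alias/ipasession.key` line in the `/ipa` block introduces a long-lived secret with no comment on how it must be protected. mod_auth_gssapi uses this key to encrypt and MAC the `ipa_session` cookie, so any process that can read the file can presumably forge a cookie that satisfies `Require valid-user`. The diff shown here (limited to install/) does not show where the file is created or what owner and mode it gets. I would add a comment above the directive such as `# Key that encrypts and MACs the ipa_session cookie; must be readable by the httpd user only`, plus a one-line reason for dropping `GssapiDelegCcacheUnique On`, since that changes how delegated ccaches under `/var/run/httpd/ipa/clientcaches` are named. The `<Location "/ipa">` block ends outside this hunk.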
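Review bot: The comment `# Target for login with internal connections` on the new `Alias /ipa/session/cookie` does not say what enforces "internal". Nothing in this hunk restricts the path by source address, so it is presumably reachable by any client that passes the GSSAPI check inherited from `<Location "/ipa">`. If that is the intent, the comment should say so, for example `# Empty static target: a GSSAPI-authenticated request here only causes the ipa_session cookie to be issued; not restricted by client address`. The `<Location "/ipa/session/login_password">` block that follows starts in this hunk and ends outside it.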
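Review bot: `memcache-remove.uldif` is created under install/share/ by this commit but is not added to `dist_app_DATA`; the only new entries are `gssapi.login \` and `$(NULL)`. The diffstat reports four changed lines for Makefile.am and all four are in this hunk, so the file is not listed elsewhere by this change. As written it would not be distributed or installed, and whatever update step is meant to apply it would leave the `cn=MEMCACHE` entry in place. I would add `memcache-remove.uldif \` next to the other `.uldif` entries. The `dist_app_DATA` list starts above the hunk.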
diff --git a/install/share/memcache-remove.uldif b/install/share/memcache-remove.uldif
new file mode 100644
index 000000000..e6ca1a617
--- /dev/null
+++ b/install/share/memcache-remove.uldif
@@ -0,0 +1 @@
+deleteentry: cn=MEMCACHE,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX |
