From 8b88ef00331f1fbb28802b3eba5ced62daeffc9e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 19 Aug 2016 09:23:55 -0400 Subject: Change session handling Stop using memcache, use mod_auth_gssapi filesystem based ccaches. Remove custom session handling, use mod_auth_gssapi and mod_session to establish and keep a session cookie. Add loopback to mod_auth_gssapi to do form absed auth and pass back a valid session cookie. And now that we do not remove ccaches files to move them to the memcache, we can avoid the risk of pollutting the filesystem by keeping a common ccache file for all instances of the same user. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce --- install/share/Makefile.am | 4 +++- install/share/gssapi.login | 0 install/share/memcache-remove.uldif | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 install/share/gssapi.login create mode 100644 install/share/memcache-remove.uldif (limited to 'install/share') diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 715912d8b..6f35a329e 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -86,7 +86,9 @@ dist_app_DATA = \ vault.ldif \ kdcproxy-enable.uldif \ kdcproxy-disable.uldif \ - ipa-httpd.conf.template + ipa-httpd.conf.template \ + gssapi.login \ + $(NULL) kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy dist_kdcproxyconf_DATA = \ diff --git a/install/share/gssapi.login b/install/share/gssapi.login new file mode 100644 index 000000000..e69de29bb diff --git a/install/share/memcache-remove.uldif b/install/share/memcache-remove.uldif new file mode 100644 index 000000000..e6ca1a617 --- /dev/null +++ b/install/share/memcache-remove.uldif @@ -0,0 +1 @@ +deleteentry: cn=MEMCACHE,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX -- cgit