From 54135ecd9a96f59429cfd535f3add282b535d3e3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 6 Jun 2012 22:54:16 -0400
Subject: Store session cookie in ccache for cli users

Try to use the URI /ipa/session/xml if there is a key in the kernel
keyring. If there is no cookie or it turns out to be invalid (expired,
whatever) then use the standard URI /ipa/xml. This in turn will create
a session that the user can then use later.

https://fedorahosted.org/freeipa/ticket/2331
---
 install/conf/ipa.conf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'install/conf')

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index b52d9d2ff..b01a0c2b4 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,7 @@
 #
-# VERSION 5 - DO NOT REMOVE THIS LINE
+# VERSION 6 - DO NOT REMOVE THIS LINE
+#
+# This file may be overwritten on upgrades.
 #
 # LoadModule auth_kerb_module modules/mod_auth_kerb.so
 
@@ -66,6 +68,12 @@ KrbConstrainedDelegationLock ipa
   Allow from all
 </Location>
 
+<Location "/ipa/session/xml">
+  Satisfy Any
+  Order Deny,Allow
+  Allow from all
+</Location>
+
 <Location "/ipa/session/login_password">
   Satisfy Any
   Order Deny,Allow
-- 
cgit