Always require SSL in the Kerberos authorization block.

This also corrects a slight bug where if add is True then we always re-update the file.

rob
>From ab958d79c51951a6c635611905732ab55b544c9f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 23 Sep 2011 11:46:59 -0400
Subject: [PATCH] Always require SSL in the Kerberos authorization block.

This also corrects a slight bug where if add is True then we always
re-update the file.

https://fedorahosted.org/freeipa/ticket/1755
---
 install/conf/ipa.conf           |    3 ++-
 install/tools/ipa-upgradeconfig |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 72e3e4c..2339387 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,5 @@
 #
-# VERSION 2 - DO NOT REMOVE THIS LINE
+# VERSION 3 - DO NOT REMOVE THIS LINE
 #
 # LoadModule auth_kerb_module modules/mod_auth_kerb.so
 
@@ -45,6 +45,7 @@ WSGIScriptReloading Off
 
 # Protect /ipa with Kerberos
 <Location "/ipa">
+  NSSRequireSSL
   AuthType Kerberos
   AuthName "Kerberos Login"
   KrbMethodNegotiate on
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 1b08382..cae0964 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -116,7 +116,7 @@ def upgrade(sub_dict, filename, template, add=False):
     if new < 0:
         print "%s not found." % template
 
-    if old < new or add:
+    if old < new:
         backup_file(filename, new)
         update_conf(sub_dict, filename, template)
         print "Upgraded %s to version %d" % (filename, new)
-- 
1.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to