Always require SSL in the Kerberos authorization block.
This also corrects a slight bug where if add is True then we always re-update the file.
rob
>From ab958d79c51951a6c635611905732ab55b544c9f Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Fri, 23 Sep 2011 11:46:59 -0400 Subject: [PATCH] Always require SSL in the Kerberos authorization block. This also corrects a slight bug where if add is True then we always re-update the file. https://fedorahosted.org/freeipa/ticket/1755 --- install/conf/ipa.conf | 3 ++- install/tools/ipa-upgradeconfig | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 72e3e4c..2339387 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 2 - DO NOT REMOVE THIS LINE +# VERSION 3 - DO NOT REMOVE THIS LINE # # LoadModule auth_kerb_module modules/mod_auth_kerb.so @@ -45,6 +45,7 @@ WSGIScriptReloading Off # Protect /ipa with Kerberos <Location "/ipa"> + NSSRequireSSL AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 1b08382..cae0964 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -116,7 +116,7 @@ def upgrade(sub_dict, filename, template, add=False): if new < 0: print "%s not found." % template - if old < new or add: + if old < new: backup_file(filename, new) update_conf(sub_dict, filename, template) print "Upgraded %s to version %d" % (filename, new) -- 1.7.6
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
