Hi There is one thing that i have never really understood, when a user goes to https://ipaserver.com/ipa/ui/ he/she get's
a Apache login prompt and has to click cancel a coulple of times before getting to the Ipa login screen.It seems to be
caused by /etc/httpd/conf.d/ipa.conf which has the configuration below, why is that even there when it's not even logging
users into Ipa?'RegardsPer<Location "/ipa"> AuthType GSSAPI AuthName "Kerberos Login"
GssapiUseSessions On Session On SessionCookieName ipa_session path=/ipa;httponly;secure; SessionHeader IPASESSION #
Uncomment the following to have shorter sessions, but beware this may break # old IPA client tols that incorrectly parse
cookies. # SessionMaxAge 1800 GssapiSessionKey file:/etc/httpd/alias/ipasession.key GssapiImpersonate On
GssapiDelegCcacheDir /run/ipa/ccaches GssapiDelegCcachePerms mode:0660 GssapiDelegCcacheUnique On GssapiUseS4U2Proxy
on GssapiAllowedMech krb5 Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html WSGIProcessGroup ipa
WSGIApplicationGroup ipa Header always append X-Frame-Options DENY Header always append Content-Security-Policy
"frame-ancestors 'none'" # mod_session always sets two copies of the cookie, and this confuses our # legacy
clients, the unset here works because it ends up unsetting only one # of the 2 header tables set by mod_session, leaving
the other intact Header unset Set-Cookie # Disable etag http header. Doesn't work well with mod_deflate #
https://issues.apache.org/bugzilla/show_bug.cgi?id=45023 # Usage of last-modified header and modified-since validator is
sufficient. Header unset ETag FileETag None</Location>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
