[Freeipa-devel] [freeipa PR#743][opened] [ipa-4-5] Revert "Store GSSAPI session key in /var/run/ipa"

Thu, 27 Apr 2017 05:39:50 -0700 

   URL: https://github.com/freeipa/freeipa/pull/743
Author: martbab
 Title: #743: [ipa-4-5] Revert "Store GSSAPI session key in /var/run/ipa"
Action: opened

PR body:
"""
This reverts commit 2bab2d4. It was
pointed out that apache has no access to /var/lib/ipa directry breaking
the session handling.

https://pagure.io/freeipa/issue/6880
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/743/head:pr743
git checkout pr743

From eda0662a1a538a4909ad732788f33eed3c18af70 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 27 Apr 2017 14:38:25 +0200
Subject: [PATCH] [ipa-4-5] Revert "Store GSSAPI session key in /var/run/ipa"

This reverts commit 2bab2d4. It was
pointed out that apache has no access to /var/lib/ipa directry breaking
the session handling.

https://pagure.io/freeipa/issue/6880
---
 install/conf/ipa.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 56c8995..75c122e 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,5 @@
 #
-# VERSION 26 - DO NOT REMOVE THIS LINE
+# VERSION 25 - DO NOT REMOVE THIS LINE
 #
 # This file may be overwritten on upgrades.
 #
@@ -78,7 +78,7 @@ WSGIScriptReloading Off
   SessionCookieName ipa_session path=/ipa;httponly;secure;
   SessionHeader IPASESSION
   SessionMaxAge 1800
-  GssapiSessionKey file:/var/run/ipa/session.key
+  GssapiSessionKey file:/etc/httpd/alias/ipasession.key
 
   GssapiImpersonate On
   GssapiDelegCcacheDir /var/run/ipa/ccaches
@@ -127,7 +127,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
   SessionCookieName ipa_session path=/ipa;httponly;secure;
   SessionHeader IPASESSION
   SessionMaxAge 1800
-  GssapiSessionKey file:/var/run/ipa/session.key
+  GssapiSessionKey file:/etc/httpd/alias/ipasession.key
 
   Header unset Set-Cookie
 </Location>

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to