URL: https://github.com/freeipa/freeipa/pull/723 Author: MartinBasti Title: #723: Store GSSAPI session key in /var/run/httpd Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/723/head:pr723 git checkout pr723
From 317c89410b4e43f8fdc617695b613d9ef7cac32e Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 20 Apr 2017 10:39:08 +0200 Subject: [PATCH] Store GSSAPI session key in /var/run/ipa Runtime data should be stored in /var/run instead of /etc/httpd/alias. This change is also compatible with selinux policy. https://pagure.io/freeipa/issue/6880 --- install/conf/ipa.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 75c122e..56c8995 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 25 - DO NOT REMOVE THIS LINE +# VERSION 26 - DO NOT REMOVE THIS LINE # # This file may be overwritten on upgrades. # @@ -78,7 +78,7 @@ WSGIScriptReloading Off SessionCookieName ipa_session path=/ipa;httponly;secure; SessionHeader IPASESSION SessionMaxAge 1800 - GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiSessionKey file:/var/run/ipa/session.key GssapiImpersonate On GssapiDelegCcacheDir /var/run/ipa/ccaches @@ -127,7 +127,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" SessionCookieName ipa_session path=/ipa;httponly;secure; SessionHeader IPASESSION SessionMaxAge 1800 - GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiSessionKey file:/var/run/ipa/session.key Header unset Set-Cookie </Location>
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code