From 2bab2d4963daa99742875f3633a99966bc56f5a3 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Apr 27 2017 10:35:46 +0000 Subject: Store GSSAPI session key in /var/run/ipa Runtime data should be stored in /var/run instead of /etc/httpd/alias. This change is also compatible with selinux policy. https://pagure.io/freeipa/issue/6880 Reviewed-By: Tomas Krizek Reviewed-By: Jan Cholasta --- diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 75c122e..56c8995 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 25 - DO NOT REMOVE THIS LINE +# VERSION 26 - DO NOT REMOVE THIS LINE # # This file may be overwritten on upgrades. # @@ -78,7 +78,7 @@ WSGIScriptReloading Off SessionCookieName ipa_session path=/ipa;httponly;secure; SessionHeader IPASESSION SessionMaxAge 1800 - GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiSessionKey file:/var/run/ipa/session.key GssapiImpersonate On GssapiDelegCcacheDir /var/run/ipa/ccaches @@ -127,7 +127,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login" SessionCookieName ipa_session path=/ipa;httponly;secure; SessionHeader IPASESSION SessionMaxAge 1800 - GssapiSessionKey file:/etc/httpd/alias/ipasession.key + GssapiSessionKey file:/var/run/ipa/session.key Header unset Set-Cookie