415295a Allow HTTPd user to access SSSD IFP

Authored and Committed by cheimes 2 years ago
    Allow HTTPd user to access SSSD IFP
    For smart card and certificate authentication, Apache's
    mod_lookup_identity module must be able to acess SSSD IFP. The module
    accesses IFP as Apache user, not as ipaapi user.
    Apache is not allowed to use IFP by default. The update code uses the
    service's ok-to-auth-as-delegate flag to detect smart card / cert auth.
    See: https://pagure.io/freeipa/issue/7751
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+9 -1