freeipa-client contains two files: ipa.js and ipa.cfg which should serve for global Firefox configuration (kerberos settings).
luckily these files are not loaded because they are located in /usr/share/ipa and nothing points to them.
Additionally code in ipaclient contains other methods of Firefox configuration, all of them wrong - they do not meet config recommendations .
This feature should be fixed or completely removed.
Possible solutions to fix the feature might be:
a. create user.js in each FF profile
b. create global config file /usr/lib64/firefox/browser/defaults/browser-freeipa.js (can be a symlink to different location)
// First line is ignored
// other settings...
2. http://mike.kaply.com/2012/03/15/customizing-firefox-default-preference-files/ and other articles there
Make the configuration instructions correct.
3.4 development was shifted for one month, moving tickets to reflect reality better.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1108220
A note what was actually implemented:
There are two parts:
Removed from ipa-client package:
Added ipa-client-install options:
--firefox-dir specifies where is firefox installed, usually it can be omitted. By default it is set to: /usr/lib64/firefox or /usr/lib/firefox
Will create global configuration file which will affect default settings for firefox configuration options as follows:
pref("network.negotiate-auth.trusted-uris", ".$DOMAIN"); <-- IPA domain
The config file should be located at $firefox_dir/browser/defaults/preferences/all-ipa.js
Basically if this is run on a system with Firefox along with https://fedorahosted.org/freeipa/ticket/3504 , user then doesn't have to run browser configuration from Web UI, i.e., this config should have the same effect as the kerberos firefox extension.
Metadata Update from @pvoborni:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.0 - 2013/11
to comment on this ticket.