#4189 [RFE] Use GSS-Proxy for the HTTP service
Closed: Fixed None Opened 8 years ago by simo.

Using GSS-Proxy we can increase the security of the solutoin especially for those admins that want to add additional (though unrelated) services to the IPA server.

By deferring the HTTP keytab management to GSS-Proxy and not making it available to the apache process we can avoid a class of local inter-application attacks.

The FreeIPA 4.2 was already shaped (see [[milestone:FreeIPA 4.2]] milestone), this does not fit. Pushing out.

If anyone is willing to help and contribute to this one, please let us know!


  • d2f5fc3 Configure HTTPD to work via Gss-Proxy

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5

5 years ago

Login to comment on this ticket.