URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543
From 513c118d741594bf6bab6302a4b24c23168c4c44 Mon Sep 17 00:00:00 2001 From: Simo Sorce <s...@redhat.com> Date: Mon, 6 Mar 2017 13:46:44 -0500 Subject: [PATCH] Add options to allow ticket caching This new option (planned to land in gssproxy 0.7) we cache the ldap ticket properly and avoid a ticket lookup to the KDC on each and every ldap connection. (Also requires krb5 libs 1.15.1 to benefit from caching). Signed-off-by: Simo Sorce <s...@redhat.com> --- install/share/gssproxy.conf.template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/share/gssproxy.conf.template b/install/share/gssproxy.conf.template index fbb158a..9d11100 100644 --- a/install/share/gssproxy.conf.template +++ b/install/share/gssproxy.conf.template @@ -4,6 +4,7 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_protocol_transition = true + allow_client_ccache_sync = true cred_usage = both euid = $HTTPD_USER @@ -12,5 +13,6 @@ cred_store = keytab:$HTTP_KEYTAB cred_store = client_keytab:$HTTP_KEYTAB allow_constrained_delegation = true + allow_client_ccache_sync = true cred_usage = initiate euid = $IPAAPI_USER
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code