Ipsilon: rename the service keytab file for coherence

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2020-09-16 15:28:08 +02:00
parent 5e359beda9
commit b2df514b95
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
3 changed files with 4 additions and 4 deletions

View file

@ -28,7 +28,7 @@
- role: openshift/keytab
app: ipsilon
key: ipsilon-keytab
key: service.keytab
secret_name: ipsilon-keytab
service: HTTP
host: "id{{ env_suffix }}.fedoraproject.org"

View file

@ -21,8 +21,8 @@ data:
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
default_client_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
default_keytab_name = FILE:/etc/keytabs/service.keytab
default_client_keytab_name = FILE:/etc/keytabs/service.keytab
[realms]
{{ ipa_realm }} = {
kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy

View file

@ -31,7 +31,7 @@ WSGIRestrictSignal Off
<Location /login/gssapi/negotiate>
AuthName "GSSAPI Single Sign On Login"
GssapiCredStore keytab:/etc/keytabs/ipsilon-keytab
GssapiCredStore keytab:/etc/keytabs/service.keytab
AuthType GSSAPI
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
GssapiSSLonly Off