Ipsilon: rename the service keytab file for coherence
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
parent
5e359beda9
commit
b2df514b95
3 changed files with 4 additions and 4 deletions
|
@ -28,7 +28,7 @@
|
|||
|
||||
- role: openshift/keytab
|
||||
app: ipsilon
|
||||
key: ipsilon-keytab
|
||||
key: service.keytab
|
||||
secret_name: ipsilon-keytab
|
||||
service: HTTP
|
||||
host: "id{{ env_suffix }}.fedoraproject.org"
|
||||
|
|
|
@ -21,8 +21,8 @@ data:
|
|||
ticket_lifetime = 24h
|
||||
renew_lifetime = 7d
|
||||
forwardable = true
|
||||
default_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
|
||||
default_client_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
|
||||
default_keytab_name = FILE:/etc/keytabs/service.keytab
|
||||
default_client_keytab_name = FILE:/etc/keytabs/service.keytab
|
||||
[realms]
|
||||
{{ ipa_realm }} = {
|
||||
kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy
|
||||
|
|
|
@ -31,7 +31,7 @@ WSGIRestrictSignal Off
|
|||
|
||||
<Location /login/gssapi/negotiate>
|
||||
AuthName "GSSAPI Single Sign On Login"
|
||||
GssapiCredStore keytab:/etc/keytabs/ipsilon-keytab
|
||||
GssapiCredStore keytab:/etc/keytabs/service.keytab
|
||||
AuthType GSSAPI
|
||||
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
|
||||
GssapiSSLonly Off
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue