[PATCH] 130 Enabled Tomcat security manager.
by Endi Sukma Dewata
The tomcat.conf and pkideployment.cfg have been modified to enable
the security manager. The catalina.policy has been updated with
more specific permissions for PKI.
Ticket #223
--
Endi S. Dewata
11 years, 6 months
[PATCH] 79 - restrict AJP to localhost
by Ade Lee
Ticket 369 - Restrict AJP to localhost by default.
Here is how I tested:
1. installed ipa master
2. installed ipa clone
3. Modified the ipa clone ipa-dogtag-proxy.conf file
in /etc/httpd/conf.d to point to the master rather than localhost and
restarted httpd.
4. Tried to access https://<clone host>/ca/admin/ca/getStatus and
https://<master_host>/ca/admin/ca/getStatus
Before the change, I am able to reach the page from both URIs. With the
change, the page is only accessible from the master.
Please review.
Ade
11 years, 6 months
[PATCH] 134 Added PKIPrincipal.
by Endi Sukma Dewata
Previously in PKIRealm the authentication token was stored in a thread
local variable. This does not work for multiple operations executed
using the same session because each operation may be handled by
different threads. A new PKIPrincipal has been added to store the
authentication token so that the threads can get the correct token
for the session.
Ticket #357
--
Endi S. Dewata
11 years, 6 months
[PATCH] 133 Added PKIConnection.
by Endi Sukma Dewata
The code in PKIClient has been refactored into PKIConnection
such that a single connection object can be used by several
REST clients. The PKIClient will remain the base class for
all REST clients.
Ticket #357
--
Endi S. Dewata
11 years, 6 months
