From 30375db50f9656357fe5591d2633a90a7e260de7 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 3 Sep 2014 16:06:49 -0400
Subject: [PATCH] Enabled certificate revocation checking by default.

The CS.cfg templates for all subsystems have been modified to enable certificate revocation checking during authentication. This will affect new installations only.

Ticket #1117, #1134
---
base/kra/shared/conf/CS.cfg.in | 4 +++-
base/ocsp/shared/conf/CS.cfg.in | 4 ++++
base/tks/shared/conf/CS.cfg.in | 4 ++++
base/tps-tomcat/shared/conf/CS.cfg.in | 4 ++++
4 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in
index a3cf7918ead1ff5d777d3027b977385da80907a3..236b484bbe08c741bfdc2734149c486180cb56fa 100644
--- a/base/kra/shared/conf/CS.cfg.in
+++ b/base/kra/shared/conf/CS.cfg.in
@@ -155,8 +155,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
-auths.revocationChecking.enabled=false
+auths.revocationChecking.enabled=true
 auths.revocationChecking.kra=kra
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in
index 9f92ebfe221e2d653d761012ea12cf9abdb3422c..3603e4d2139bf16ceb7320ab014f4e7abcae6052 100644
--- a/base/ocsp/shared/conf/CS.cfg.in
+++ b/base/ocsp/shared/conf/CS.cfg.in
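Review bot: The two tuning keys added at the end of the base/kra/shared/conf/CS.cfg.in hunk, `auths.revocationChecking.unknownStateInterval=0` and `auths.revocationChecking.validityInterval=120`, are undocumented: neither their unit nor the meaning of 0 is stated anywhere in the template. With checking now enabled by default, that is the information an operator needs to know whether a certificate with an undeterminable revocation status is rejected or accepted, and for how long a previously verified certificate is (presumably) still served from the cache after it has been revoked. I would add a short comment block above the two keys, in the `_NNN=##` style the template already uses under `authz`, giving the unit of both intervals, what 0 selects, and the behaviour on an unknown status, after confirming those against the authentication code, which is not part of this patch. The ocsp, tks and tps-tomcat hunks add the same two values and need the same comment.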
@@ -141,6 +141,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.ocsp=ocsp
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
diff --git a/base/tks/shared/conf/CS.cfg.in b/base/tks/shared/conf/CS.cfg.in
index bd2858d023c88b318d4a28a9e6456d509c3156fa..41937d1407ea687b59a2bdd5cb0292a126e057cb 100644
--- a/base/tks/shared/conf/CS.cfg.in
+++ b/base/tks/shared/conf/CS.cfg.in
@@ -132,6 +132,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.tks=tks
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
diff --git a/base/tps-tomcat/shared/conf/CS.cfg.in b/base/tps-tomcat/shared/conf/CS.cfg.in
index e91b3451c2716a97d311de1b251b657d2b4ddfdf..1647acc5dc2d0e9ea74a7ad0369755db5ef62f13 100644
--- a/base/tps-tomcat/shared/conf/CS.cfg.in
+++ b/base/tps-tomcat/shared/conf/CS.cfg.in
@@ -66,6 +66,10 @@ auths.instance.ldap1.ldap.ldapconn.version=3
 auths.instance.ldap1.pluginName=UidPwdDirAuth
 auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.tps=tps
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authType=pwd
 authz._000=##
 authz._001=## new authorizatioin
-- 
1.8.4.2
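Review bot: In the ocsp hunk, and likewise in the tks and tps-tomcat hunks, `auths.revocationChecking.enabled` is a new key rather than a flipped one, so instances created from the old templates have no such line and their behaviour depends on the code's default for a missing key, which this patch does not show. The description states that only new installations are affected, which presumably leaves deployed subsystems authenticating client certificates without a revocation check until an administrator edits CS.cfg by hand. An upgrade step that adds `auths.revocationChecking.enabled=true` together with the two interval keys to existing instances, or at least a release note listing the lines to add, would close that gap. The KRA template differs only in that it previously set the key explicitly to `false`.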