URL:
https://github.com/freeipa/freeipa/pull/855
Author: simo5
Title: #855: Prevent issues with older clients
Action: opened
PR body:
"""
Older clients have issues parsing cookies, and cannot handle well the MaxAge setting.
So the first patch is about removing it.
Unfortunately this means cookies will be valid for the duration of the authentication
ticket which is set to 24h by default.
This is a bit high, so the second patch adds the ability to set the
"kinit_lifetime" in /etc/api/default.conf so that users authenticating using
username/password can have their tickets (and therefore their session) hard capped at
whatever lifetime is set there.
Users that use HTTP negotiate can control their session duration by getting shorter lived
tickets via kinit.
In all cases users can click on the logout button to blow away credentials.
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/855/head:pr855
git checkout pr855