[Freeipa-devel] [PATCH 61] Cache authentication in session
Simo Sorce
simo at redhat.com
Wed Jan 25 14:37:43 UTC 2012
On Wed, 2012-01-25 at 09:16 -0500, Rob Crittenden wrote:
> John Dennis wrote:
> > On 01/23/2012 06:15 PM, John Dennis wrote:
> >> Rebased patch attached (includes contents of previous patch 60).
> >>
> >> The issues with ipa_memcached belonged to patch 59, that patch was
> >> rebased and resubmitted.
> >>
> >> I cannot reproduce the looping problem you saw. The only thing I can
> >> think of is that you were running with SELinux enabled and currently
> >> ipa_memcached requires SELinux to be disabled otherwise the whole
> >> caching mechanism fails.
> >
> > O.K., let's try this again with the patch actually attached :-)
>
> NACK. It doesn't work if ipa_memcached is not configured (-M install
> option).
>
> I tested this last night then picked up testing again this morning and
> was greeted with the attached image. I'm not sure if this is a browser
> issue, the fact that my browser was being redirected from a VM to the
> display on my desktop or the current cosmic rays.
>
> We also need a way to do a logout. The user can do a kdestroy and still
> have an active session. If this isn't covered in the any current tickets
> please open a new one. As far as I can tell you provide a facility for
> invalidating a cache entry, I'm just not sure if that is enough for the
> UI guys to hook in to.
>
> I think you were right about SELinux. When I put it into permissive mode
> then the caching worked. The UI is much more responsive now.
We definitely need a ticket to add a "Log Out" button. It is nice when
you can log out even if you haven't destroyed your credentials.
May be used by a normal user to go to the form based login to login as
admin w/o having to kinit admin first in the future.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list