[Freeipa-users] Cockpit integration part I - Single Sign On
Alexander Bokovoy
abokovoy at redhat.com
Mon Jan 4 11:11:04 UTC 2016
On Mon, 04 Jan 2016, Alexander Bokovoy wrote:
>On Mon, 04 Jan 2016, Marius Vollmer wrote:
>>Alexander Bokovoy <abokovoy at redhat.com> writes:
>>
>>>Thanks. I think we actually could do better by using gss-proxy -- if
>>>only cockpit-ws would cooperate[1]. I'll file a bug
>>
>>Thanks!
>>
>>>-- when cockpit-ws launches cockpit-session it doesn't pass anything
>>>from the environment cockpit-ws was launched with.
>>
>>It uses NULL as the envp argument, which means that cockpit-session
>>inherits the environment from cockpit-ws, no?
>You're right.
>
>>cockpit-session itself calls clearenv() very early, and that is probably
>>the reason why GSS_USE_PROXY doesn't work.
>>
>>https://github.com/cockpit-project/cockpit/blob/master/src/ws/session.c#L955
>In that case adding GSS_USE_PROXY to env_names and moving restore of the
>environment before the PAM processing would probably be a solution?
I've filed an issue to cockpit:
https://github.com/cockpit-project/cockpit/issues/3407
It is a bit more complicated due to cockpit-session fiddling with
setuid().
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list