From: Thomas Lamprecht Date: Tue, 21 May 2019 19:29:59 +0000 (+0200) Subject: fix #2079: activate authkey rotation every 24 hours X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=243262f1853e94bd02d0614a1ae76442ec1e85e9 fix #2079: activate authkey rotation every 24 hours This activates the authkey rotation added in commits 1800a71a79c7cf49108e22781d2f34be87b1efd through f7282aee6b2ae36b7cfc2331e33e49a818b914fd Signed-off-by: Thomas Lamprecht
---
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 512fcd2..5de060d 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -47,9 +47,8 @@ my $pve_auth_key_files = {
 my $pve_auth_key_cache = {};
-my $ticket_lifetime = 3600*2; # 2 hours
-# TODO: set to 24h for PVE 6.0
-my $authkey_lifetime = 3600*0; # rotation disabled
+my $ticket_lifetime = 3600 * 2; # 2 hours
+my $authkey_lifetime = 3600 * 24; # rotate every 24 hours
 Crypt::OpenSSL::RSA->import_random_seed();
diff --git a/debian/postinst b/debian/postinst
index 62dbfbc..ed30455 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,18 +6,17 @@ set -e
 case "$1" in
 configure)
- # TODO: enable for PVE 6.0
-# if test -n "$2"; then
-#
-# # TODO: remove once PVE 7.0 is released
-# if dpkg --compare-versions "$2" 'lt' '6.0-1'; then
-# if test ! -e /etc/pve/authkey.pub.old; then
-# # reset key age to prevent immediate invalidation of all current tickets
-# touch -d "-2 hours" /etc/pve/authkey.pub || true
-# fi
-# fi
-#
-# fi
+ if test -n "$2"; then
+
+ # TODO: remove once PVE 7.0 is released
+ if dpkg --compare-versions "$2" 'lt' '6.0-0+1'; then
+ if test ! -e /etc/pve/authkey.pub.old; then
+ # reset key age to prevent immediate invalidation of all current tickets
+ touch -d "-2 hours" /etc/pve/authkey.pub || true
+ fi
+ fi
+
+ fi
 ;;
 esac
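Review bot: The new comment on `$authkey_lifetime` drops two facts a maintainer needs before changing either constant. The removed line shows that a value of `0` switches rotation off. The rotation interval also presumably has to stay longer than `$ticket_lifetime`, so that a ticket signed shortly before a rotation can still be verified against the previous key; the postinst check for `authkey.pub.old` suggests one is kept, but the verification code is outside this hunk. I would extend the trailing comment to `# rotate every 24 hours; 0 disables rotation, must stay > $ticket_lifetime`.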
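Review bot: The enabled `touch -d "-2 hours" /etc/pve/authkey.pub || true` creates an empty `authkey.pub` if the file is absent when postinst runs, and it hides every failure. A silent failure leaves the old mtime in place, so the first rotation check would probably replace the key and invalidate all current tickets, which is the outcome the comment says it prevents. How the Perl side handles an empty public key file is not visible here. I would keep the step best-effort but use `touch -c -d "-2 hours" /etc/pve/authkey.pub || echo "warning: could not reset age of /etc/pve/authkey.pub" >&2`, so nothing is created and the admin sees why sessions dropped.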