fix #2079: activate authkey rotation every 24 hours

This activates the authkey rotation added in commits 1800a71a79c7cf49108e22781d2f34be87b1efd through f7282aee6b Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-06-02 02:57:48 +00:00 · 2019-05-21 21:29:59 +02:00 · 2019-05-21 21:29:59 +02:00 · 243262f185
commit 243262f185
parent 049d789bb1
2 changed files with 13 additions and 15 deletions
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@ -47,9 +47,8 @@ my $pve_auth_key_files = {

 my $pve_auth_key_cache = {};

-my $ticket_lifetime = 3600*2; # 2 hours
-# TODO: set to 24h for PVE 6.0
-my $authkey_lifetime = 3600*0; # rotation disabled
+my $ticket_lifetime = 3600 * 2; # 2 hours
+my $authkey_lifetime = 3600 * 24; # rotate every 24 hours

 Crypt::OpenSSL::RSA->import_random_seed();

--- a/debian/postinst
+++ b/debian/postinst
@ -6,18 +6,17 @@ set -e

 case "$1" in
  configure)
-        # TODO: enable for PVE 6.0
-#    if test -n "$2"; then
-#
-#        # TODO: remove once PVE 7.0 is released
-#        if dpkg --compare-versions "$2" 'lt' '6.0-1'; then
-#            if test ! -e /etc/pve/authkey.pub.old; then
-#                # reset key age to prevent immediate invalidation of all current tickets
-#                touch -d "-2 hours" /etc/pve/authkey.pub || true
-#            fi
-#       fi
-#
-#    fi
+    if test -n "$2"; then
+
+        # TODO: remove once PVE 7.0 is released
+        if dpkg --compare-versions "$2" 'lt' '6.0-0+1'; then
+            if test ! -e /etc/pve/authkey.pub.old; then
+                # reset key age to prevent immediate invalidation of all current tickets
+                touch -d "-2 hours" /etc/pve/authkey.pub || true
+            fi
+       fi
+
+    fi
    ;;

 esac