On Mon, 2009-10-12 at 15:46 +0200, Sumit Bose wrote: > There is a problem with --debug-to-files. krb5_child runs as the user > requesting the ticket so the path to krb5_child.log needs to have > matching permissions. A possible solution would be to create the file > with 666 permissions during the setup of the kerberos backend. Any > other > ideas?
You *really* don't want to have log files 666 ever. The easiest way would be to open the log file from the parent *without* CLOSE_ON_EXEC, and pass the fd number to krb5_child on the command line, and then have krb5_child use that fd to send debug messages. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel