David O'Brien wrote:
Dmitri Pal wrote:
On 02/07/2011 06:46 PM, David O'Brien wrote:
Jenny Galipeau wrote:
Pavel Zuna wrote:
It seems that restarting krb5kdc is only needed when changes to the
global policy are made. Per-user policies take effect immediately
for newly requested tickets. Can someone please confirm?
Yes, in testing this is the behavior. If the help could specify that
a ipactl restart is required after global policy change, that would
be great.
Thanks
Jenny
Please raise a suitable bugzilla to get this included in the user doc.
So far I only have doc about restarting IPA services after ipa
krbtpolicy-reset.
Isn't it the same thing?
I took "changes" to mean using krbtpolicy-mod and any others, not just
-reset, which is the info I received last time.
The bottom line is that any change to the global Kerberos ticket policy
requires a restart of the KDC to see the changes (/sbin/service krb5kdc
restart). IMHO restarting the entire IPA world for this is overkill.
rob
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
