On Fri, 27 May 2016, Robbie Harwood wrote:
Stanislav Laznicka <slazn...@redhat.com> writes:

From 7a55f169181ab8647cd2d919f35c004b14d5bc7f Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Fri, 27 May 2016 16:12:31 +0200
Subject: [PATCH] Added krb5.conf.d/ to included dirs in krb5.conf

The include of /etc/krb5.conf.d/ is required for crypto-policies to work 


Thank you for working on this.  Is the intent on the part of FreeIPA to
keep a separate, freeipa-speicifc directory?  And if so, can I suggest
that we not do that?
Which directory are you talking about? /var/lib/sss/pubconf/krb5.include.d/?

SSSD directory is used already by all FreeIPA clients for very long time
because SSSD puts several important snippets there:
 - CA paths and domain_realm information based on the trust topology of FreeIPA
 - localauth plugin definition for SSSD plugin

SSSD cannot write to /etc and I don't think we have to change it.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to