URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
 Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From f12cd62b561891c428ce0540c45e7a1ca71784a3 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Wed, 15 Feb 2017 04:44:59 -0500
Subject: [PATCH] Remove non-sensical kdestroy on https stop

This kdestroy runs as root and wipes root's own ccachs ...
this is totally inappropriate.
Use a file ccache that ends up in the private tmp, so that if the
service is restarted the file is automatically removed.

https://fedorahosted.org/freeipa/ticket/6673

Signed-off-by: Simo Sorce <s...@redhat.com>
---
 install/share/ipa-httpd.conf.template | 2 +-
 ipaplatform/redhat/tasks.py           | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/install/share/ipa-httpd.conf.template b/install/share/ipa-httpd.conf.template
index 8822066..17106f1 100644
--- a/install/share/ipa-httpd.conf.template
+++ b/install/share/ipa-httpd.conf.template
@@ -1,7 +1,7 @@
 # Do not edit. Created by IPA installer.
 
 [Service]
+Environment=KRB5CCNAME=/tmp/krb5-httpd
 Environment=GSS_USE_PROXY=yes
 Environment=KDCPROXY_CONFIG=$KDCPROXY_CONFIG
 ExecStartPre=$IPA_HTTPD_KDCPROXY
-ExecStopPost=$POST
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 5bddd14..a5f0077 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -458,7 +458,6 @@ def configure_httpd_service_ipa_conf(self):
             dict(
                 KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG,
                 IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY,
-                POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY)
             )
         )
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to