On Thu, 2017-04-27 at 10:42 +0200, MartinBasti wrote:
>   URL: https://github.com/freeipa/freeipa/pull/723
> Title: #723: Store GSSAPI session key in /var/run/httpd
> Label: +ack

Guys I explained in the bug[1] that this is wrong, why was this acked
and pushed ?

Besides how does this even work ? /var/run/ipa is owned by root and
apache has no rights to create files there and the patch does not
address any permission problem.

I assume what happens is that now mod_auth_gssapi is runnig with an
ephemeral in-process key, which means any reload or restart of apache
will change the key.

Please revert!


[1] https://pagure.io/freeipa/issue/6880#comment-437767

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to