On Thu, 2017-04-27 at 10:42 +0200, MartinBasti wrote:
> URL: https://github.com/freeipa/freeipa/pull/723
> Title: #723: Store GSSAPI session key in /var/run/httpd
> Label: +ack
Guys I explained in the bug that this is wrong, why was this acked
and pushed ?
Besides how does this even work ? /var/run/ipa is owned by root and
apache has no rights to create files there and the patch does not
address any permission problem.
I assume what happens is that now mod_auth_gssapi is runnig with an
ephemeral in-process key, which means any reload or restart of apache
will change the key.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code