[Freeipa-devel] [freeipa PR#723][-ack] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [freeipa PR#723][+ack] Store GSSAPI session key in /var/run/httpd
On Thu, 2017-04-27 at 10:42 +0200, MartinBasti wrote: > URL: https://github.com/freeipa/freeipa/pull/723 > Title: #723: Store GSSAPI session key in /var/run/httpd > > Label: +ack Guys I explained in the bug[1] that this is wrong, why was this acked and pushed ? Besides how does this even work ? /var/run/ipa is owned by root and apache has no rights to create files there and the patch does not address any permission problem. I assume what happens is that now mod_auth_gssapi is runnig with an ephemeral in-process key, which means any reload or restart of apache will change the key. Please revert! Simo. [1] https://pagure.io/freeipa/issue/6880#comment-437767 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][+ack] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code