> I can see the problem, but I'm not sure how to improve on this. We
> don't want to support running shibd as root, so we added the warning to
I'm totally with you here!
> prod admins to migrate under jessie.
It seems you didn't use a big enough cattle prod here ;-) Without the
explicit
Andreas Ley writes:
> Did not realize there now is a _shibd user that needs to access the
> keys since on jessie, shibd automatically runs as root in such a
> situation.
> [...]
> On stretch, there is a /lib/systemd/system/shibd.service which misses
> both the automatism and the warning.
Hi
Package: shibboleth-sp2-utils
Version: 2.6.0+dfsg1-4+deb9u1
Severity: minor
Dear Maintainer,
* What led up to the situation?
Migrated shibboleth x.509 keys (root owned, mode 400) from a jessie system to
stretch.
* What exactly did you do (or not do) that was effective (or
3 matches
Mail list logo
