[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd MartinBasti commented: """ The issue will be fixed on the SELinux side """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-298627474 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd simo5 commented: """ The current patch moved the key in a place where apache cannot write, resulting in an ephemeral key that is thrown away each time apache is restarted/reloaded. """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-297701456 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd simo5 commented: """ As I noted in the ticket: "At most you may want to store it in /var/lib/ipa/somewhere, but we do not want to break sessions (there are people using APIs from non-interactive scripts) just because you needed to restart a service/server quickly. These keys are considered long term keys, and should not be thrown away at each reboot." Let me also add that: 1. the directory needs to be writable by the apache user as the key is created the first time the server is started 2. only the apache user must be able to read this key """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-297701218 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd simo5 commented: """ This patch is wrong please revert """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-297699615 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd martbab commented: """ master: * 2bab2d4963daa99742875f3633a99966bc56f5a3 Store GSSAPI session key in /var/run/ipa ipa-4-5: * b2aa3ed0bc9f5385ab6e8b1720d9f1d33136e5dc Store GSSAPI session key in /var/run/ipa """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-297677527 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd MartinBasti commented: """ This approach was agreed on devel meeting """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-297651621 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd tomaskrizek commented: """ Functional ACK. There was a concern in the ticket's discussion about reboots - are we going to handle them? """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-296179626 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd MartinBasti commented: """ Sure """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-295643034 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd HonzaCholasta commented: """ Could we put the mod_auth_gssapi session key in `/var/run/ipa/session.key`? `/var/run/ipa` is where we store IPA-specific stuff, including mod_auth_gssapi ccaches. """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-295641802 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code