diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2017-04-21 10:31:25 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-07-25 10:50:24 +0200 |
| commit | 614545382c4ac75d85fb8c80917cc675bc0ec580 (patch) | |
| tree | 9340dc1e489c4aeeb361b9214fc4d59f2b0ad3f8 | |
| parent | a406b52a0d20e0ec502f52d63dee293636d1443a (diff) | |
| download | sssd-614545382c4ac75d85fb8c80917cc675bc0ec580.tar.gz sssd-614545382c4ac75d85fb8c80917cc675bc0ec580.tar.xz sssd-614545382c4ac75d85fb8c80917cc675bc0ec580.zip | |
KCM: Modify krb5 snippet file kcm_default_ccache
The file kcm_default_ccache must enable KCM ccache by default
without any modification of the file.
/etc/krb5.conf.d/ is fedora/el7 specific and it is not allowed to
enable or start systemd services in scriptlets. It would result in
broken krb5 configuration. Therefore krb5 configuration snippet was
moved from /etc/krb5.conf.d/ -> /usr/share/sssd-kcm. And each downstream
distribution should enable systemd services + change krb5 configuration
in it's own way.
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| -rw-r--r-- | Makefile.am | 6 | ||||
| -rw-r--r-- | contrib/kcm_default_ccache | 12 | ||||
| -rw-r--r-- | contrib/sssd.spec.in | 4 |
3 files changed, 11 insertions, 11 deletions
diff --git a/Makefile.am b/Makefile.am index 9000866b2..7f6c47c5b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -87,7 +87,7 @@ sudolibdir = @sudolibpath@ polkitdir = @polkitdir@ pamconfdir = $(sysconfdir)/pam.d systemtap_tapdir = @tapset_dir@ -krb5sysincludedir = $(sysconfdir)/krb5.conf.d +sssdkcmdatadir = $(datadir)/sssd-kcm if HAVE_SYSTEMD_UNIT ifp_exec_cmd = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --debug-to-files --dbus-activated @@ -189,7 +189,7 @@ sssdlibexec_PROGRAMS += sssd_secrets endif if BUILD_KCM sssdlibexec_PROGRAMS += sssd_kcm -dist_krb5sysinclude_DATA = contrib/kcm_default_ccache +dist_sssdkcmdata_DATA = contrib/kcm_default_ccache endif @@ -4760,7 +4760,7 @@ if BUILD_SAMBA mv $(DESTDIR)/$(winbindplugindir)/winbind_idmap_sss.so $(DESTDIR)/$(winbindplugindir)/sss.so endif if BUILD_KCM - $(MKDIR_P) $(DESTDIR)/$(krb5sysincludedir) + $(MKDIR_P) $(DESTDIR)/$(sssdkcmdatadir) endif uninstall-hook: diff --git a/contrib/kcm_default_ccache b/contrib/kcm_default_ccache index ac88fca86..4cd5b480b 100644 --- a/contrib/kcm_default_ccache +++ b/contrib/kcm_default_ccache @@ -2,11 +2,11 @@ # directory that is included from the Kerberos configuration file (/etc/krb5.conf) # On Fedora/RHEL/CentOS, this is /etc/krb5.conf.d/ # -# To enable the KCM credential cache, uncomment the following lines and -# enable the KCM socket and the service: -# systemctl enable sssd-kcm.socket +# To enable the KCM credential cache enable the KCM socket and the service: +# systemctl enable sssd-secrets.socket sssd-kcm.socket # systemctl start sssd-kcm.socket -# systemctl enable sssd-kcm.service +# +# To disable the KCM credential cache, comment out the following lines. -#[libdefaults] -# default_ccache_name = KCM: +[libdefaults] + default_ccache_name = KCM: diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index fb175ae7a..cb1a09c42 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -1264,8 +1264,8 @@ done %if (0%{?with_kcm} == 1) %files kcm %{_libexecdir}/%{servicename}/sssd_kcm -%dir %{_sysconfdir}/krb5.conf.d -%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache +%dir %{_datadir}/sssd-kcm +%{_datadir}/sssd-kcm/kcm_default_ccache %{_unitdir}/sssd-kcm.socket %{_unitdir}/sssd-kcm.service %{_mandir}/man8/sssd-kcm.8* |