diff options
| author | Simo Sorce <simo@redhat.com> | 2017-02-15 04:44:59 -0500 |
|---|---|---|
| committer | Martin Babinsky <mbabinsk@redhat.com> | 2017-02-22 15:50:48 +0100 |
| commit | b8f304c66994ae82ea484a4e8bd057d4ccf1e6bd (patch) | |
| tree | 41f957ba47758aeebc936770828494e99a59200d /ipaplatform | |
| parent | 2747f2ad782c7640ecc6949098f0d43411182255 (diff) | |
| download | freeipa-b8f304c66994ae82ea484a4e8bd057d4ccf1e6bd.tar.gz freeipa-b8f304c66994ae82ea484a4e8bd057d4ccf1e6bd.tar.xz freeipa-b8f304c66994ae82ea484a4e8bd057d4ccf1e6bd.zip | |
Remove non-sensical kdestroy on https stop
This kdestroy runs as root and wipes root's own ccachs ...
this is totally inappropriate.
Use a file ccache that ends up in the private tmp, so that if the
service is restarted the file is automatically removed.
https://fedorahosted.org/freeipa/ticket/6673
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Diffstat (limited to 'ipaplatform')
| -rw-r--r-- | ipaplatform/base/paths.py | 1 | ||||
| -rw-r--r-- | ipaplatform/debian/paths.py | 1 | ||||
| -rw-r--r-- | ipaplatform/redhat/tasks.py | 2 |
3 files changed, 2 insertions, 2 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 5d5fb993f..eb6e835f4 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -352,5 +352,6 @@ class BasePathNamespace(object): IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab' EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d' GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf' + KRB5CC_HTTPD = '/tmp/krb5cc-httpd' path_namespace = BasePathNamespace diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py index 5cbe9b876..ad0e13cb9 100644 --- a/ipaplatform/debian/paths.py +++ b/ipaplatform/debian/paths.py @@ -89,7 +89,6 @@ class DebianPathNamespace(BasePathNamespace): VAR_OPENDNSSEC_DIR = "/var/lib/opendnssec" OPENDNSSEC_KASP_DB = "/var/lib/opendnssec/db/kasp.db" IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache" - KRB5CC_HTTPD = "/var/run/apache2/ipa/krbcache/krb5ccache" IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock" IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log' diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 5bddd1469..123595eb8 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -458,7 +458,7 @@ class RedHatTaskNamespace(BaseTaskNamespace): dict( KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG, IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY, - POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY) + KRB5CC_HTTPD=paths.KRB5CC_HTTPD, ) ) |