From b8f304c66994ae82ea484a4e8bd057d4ccf1e6bd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 15 Feb 2017 04:44:59 -0500 Subject: Remove non-sensical kdestroy on https stop This kdestroy runs as root and wipes root's own ccachs ... this is totally inappropriate. Use a file ccache that ends up in the private tmp, so that if the service is restarted the file is automatically removed. https://fedorahosted.org/freeipa/ticket/6673 Signed-off-by: Simo Sorce Reviewed-By: Martin Babinsky Reviewed-By: Martin Basti Reviewed-By: Christian Heimes
---
 ipaplatform/base/paths.py | 1 + ipaplatform/debian/paths.py | 1 - ipaplatform/redhat/tasks.py | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) (limited to 'ipaplatform')
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5d5fb993f..eb6e835f4 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -352,5 +352,6 @@ class BasePathNamespace(object):
 IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
 EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d'
 GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
+ KRB5CC_HTTPD = '/tmp/krb5cc-httpd'
 path_namespace = BasePathNamespace
diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py
index 5cbe9b876..ad0e13cb9 100644
--- a/ipaplatform/debian/paths.py
+++ b/ipaplatform/debian/paths.py
@@ -89,7 +89,6 @@ class DebianPathNamespace(BasePathNamespace):
 VAR_OPENDNSSEC_DIR = "/var/lib/opendnssec"
 OPENDNSSEC_KASP_DB = "/var/lib/opendnssec/db/kasp.db"
 IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
- KRB5CC_HTTPD = "/var/run/apache2/ipa/krbcache/krb5ccache"
 IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
 IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 5bddd1469..123595eb8 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
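Review bot: The added `KRB5CC_HTTPD = '/tmp/krb5cc-httpd'` in BasePathNamespace is a fixed, predictable credential-cache name under /tmp, and nothing in this hunk ensures that the directory is private to the service. The commit description relies on httpd running with a private tmp; on a platform where that does not hold, the ccache would sit in the shared, world-writable /tmp, where another local user could pre-create the file or reach the cached credentials. The debian/paths.py hunk drops the Debian override, so Debian now inherits this path as well; whether its apache2 unit has a private tmp is not visible here. I would at least document the dependency next to the constant, e.g. `# httpd ccache; safe only when the service runs with a private /tmp (predictable name otherwise)`.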
@@ -458,7 +458,7 @@ class RedHatTaskNamespace(BaseTaskNamespace):
 dict(
 KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG,
 IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY,
- POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY)
+ KRB5CC_HTTPD=paths.KRB5CC_HTTPD,
 )
 )
-- cgit
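Review bot: The substitution dict no longer supplies `POST` and now supplies `KRB5CC_HTTPD`, but the template that consumes these keys is not part of this view (the page is limited to 'ipaplatform'), so it should be confirmed that the template no longer references `POST` and does use `KRB5CC_HTTPD`. With the kdestroy step gone, nothing visible here removes the ccache when the service stops; its lifetime now depends entirely on the private tmp being torn down. A short comment above the dict entry would record that, e.g. `# file ccache in httpd's private /tmp; removed with it on restart, no explicit kdestroy`. The enclosing call and method start outside the hunk.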