[Freeipa-devel] [PATCHES 0031-0032] set up a dedicated CCache file for Apache during install/upgrade
Martin Babinsky
mbabinsk at redhat.com
Wed Apr 29 07:29:50 UTC 2015
On 04/29/2015 09:09 AM, Martin Kosek wrote:
> On 04/28/2015 05:42 PM, Martin Babinsky wrote:
>> The attached patches address https://fedorahosted.org/freeipa/ticket/4973 and
>> implement the solution proposed in Comment 2.
>>
>> Please review the hell out of them.
>
> Why did you split the work in 2 patches? It looks like you first did the first
> approach of modifying httpd.service and then changed your mind and did the
> ipa-httpd.service approach (which is what we agreed to).
>
I was thinking about it as a two distinct operations (modify existing
httpd.service to use KRB5CCNAME and rename httpd.service to
ipa-httpd.service). But I can merge them if needed.
> Also, shouldn't ipa-httpd.service be contained in the package itself, like
> ipa-dnskeysyncd and httpd.service masked during installation? Also, I do not
> see any daemon-reload, so I am not sure if systemd would pick up the right
> configuration in the first install.
Martin^2 told me that generating service file from template is evil, so
I will put the full service file into init/systemd directory so that it
is already present in /etc/systemd/system after rpm install.
>
> Next, I was thinking what should be the ideal KRB5CCNAME for the HTTPD service.
> You chose "/tmp/ipa-httpd.ccache", is it the best approach CCACHE type/path we
> should use? This is mostly question to Simo, his mod_auth_gssapi will consume
> the ccache.
>
I will ask Simo if there is some preferred way to name CCache files.
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list