[Freeipa-devel] [PATCH 0037] Added /etc/krb5.conf.d/ to krb5.conf
Alexander Bokovoy
abokovoy at redhat.com
Sat May 28 04:24:51 UTC 2016
On Fri, 27 May 2016, Robbie Harwood wrote:
>Stanislav Laznicka <slaznick at redhat.com> writes:
>
>> From 7a55f169181ab8647cd2d919f35c004b14d5bc7f Mon Sep 17 00:00:00 2001
>> From: Stanislav Laznicka <slaznick at redhat.com>
>> Date: Fri, 27 May 2016 16:12:31 +0200
>> Subject: [PATCH] Added krb5.conf.d/ to included dirs in krb5.conf
>>
>> The include of /etc/krb5.conf.d/ is required for crypto-policies to work properly
>>
>> https://fedorahosted.org/freeipa/ticket/5912
>
>Thank you for working on this. Is the intent on the part of FreeIPA to
>keep a separate, freeipa-speicifc directory? And if so, can I suggest
>that we not do that?
Which directory are you talking about? /var/lib/sss/pubconf/krb5.include.d/?
SSSD directory is used already by all FreeIPA clients for very long time
because SSSD puts several important snippets there:
- CA paths and domain_realm information based on the trust topology of FreeIPA
- localauth plugin definition for SSSD plugin
SSSD cannot write to /etc and I don't think we have to change it.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list