[Freeipa-devel] [freeipa PR#723][+ack] Store GSSAPI session key in /var/run/httpd

Simo Sorce simo at redhat.com
Thu Apr 27 12:28:39 UTC 2017


On Thu, 2017-04-27 at 10:42 +0200, MartinBasti wrote:
>   URL: https://github.com/freeipa/freeipa/pull/723
> Title: #723: Store GSSAPI session key in /var/run/httpd
> 
> Label: +ack

Guys, I explained in the bug [1] that this is wrong, why was this acked
and pushed?

Besides, how does this even work? /var/run/ipa is owned by root and
apache has no rights to create files there and the patch does not
address any permission problem.

I assume what happens is that now mod_auth_gssapi is running with an
ephemeral in-process key, which means any reload or restart of apache
will change the key.

Please revert!

Simo.

[1] https://pagure.io/freeipa/issue/6880#comment-437767
