[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd
simo5
freeipa-github-notification at redhat.com
Thu Apr 27 12:38:04 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
simo5 commented:
"""
As I noted in the ticket: "At most you may want to store it in /var/lib/ipa/somewhere, but we do not want to break sessions (there are people using APIs from non-interactive scripts) just because you needed to restart a service/server quickly.
These keys are considered long term keys, and should not be thrown away at each reboot."
Let me also add that:
1. the directory needs to be writable by the apache user as the key is created the first time the server is started
2. only the apache user must be able to read this key
"""
See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-297701218
More information about the Freeipa-devel
mailing list