On 06/16/2015 03:12 PM, Jakub Hrozek wrote:
On Tue, Jun 16, 2015 at 03:10:18PM +0200, Jakub Hrozek wrote:
Proactively store the keytabs in /var/lib/sss/keytabs instead of /var/lib/sss/db/keytabs because users (including developers who wrote tests) are used to removing everything under /var/lib/sss/db, which removes the sssd-owned directory.
Unlike the other directories under /var/lib/sss this one doesn't have a matching configure option... I don't think we need one.
Make sure the directory is only accessible to the sssd user.
CI (rigorous by default now): http://sssd-ci.duckdns.org/logs/commit/27/df243b8f6182a6093af432f1d23a21e4fb...
btw I also amended the design page: https://fedorahosted.org/sssd/wiki/DesignDocs/OneWayTrusts?action=diff&v...
Hi,
the patches look good, but I think you wrongly amended this sentence in the design page:
"That way, processes that are able to access the sssd state directory, which is public <HAKUNAMATATA> the keytabs."
I think you wanted to keep the ", will not be able to access" where I put the <HAKUNAMATATA>.
Other than that, the patches are good; I am just waiting for the CI to finish.
Michal