On Tue, Aug 30, 2011 at 04:07:22PM -0400, Stephen Gallagher wrote:
> On Tue, 2011-08-30 at 13:10 -0400, Stephen Gallagher wrote:
> > On Tue, 2011-08-30 at 11:23 -0400, Stephen Gallagher wrote:
> > > On Tue, 2011-08-30 at 10:52 -0400, Stephen Gallagher wrote:
> > > > Adds a configure option to set the distribution default as well as
> > > > an sssd.conf option to override it.
> > > >
> > > > Resolves:
> > > > https://fedorahosted.org/sssd/ticket/980
> > >
> > > Sumit pointed out on IRC that I forgot to include the option in the
> > > SSSDConfig API. New patch fixes that.
> >
> > Sumit also discovered that my configure script did not properly handle
> > the default case (where --with-krb5-rcache-dir was not specified).
> >
> > Fixed in the attached patch.
>
> New patch guarantees the existence of the rcache directory.

The patch is working as expected, but I'm sorry, I think I have
changed my mind about the default for KRB5RCACHEDIR. From a Fedora/Red
Hat perspective using /var/cache/krb5rcache to solve the SELinux issue
mentioned in #980 and the related bugzilla entry makes sense. But while
testing the patch I realized that currently it is not possible to not
set KRB5RCACHEDIR to a value. So it is not possible to just use the
libkrb5 defaults.

I would like to suggest changing the default to not set KRB5RCACHEDIR
and using "--with-krb5-rcache-dir=/var/cache/krb5rcache" in the Fedora and
RHEL spec files. This would allow other users and distributions to use
the libkrb5 defaults.

Additionally, I wasn't able to overwrite the path given by the configure
option with an empty path with krb5_rcache_dir = "" or similar. Maybe we
need a special keyword here to allow unsetting KRB5RCACHEDIR via
sssd.conf?

Finally, a higher level log message if the rcache directory does not
exist might be useful even if it is in the log of the monitor.

bye,
Sumit