On 06/16/2015 03:12 PM, Jakub Hrozek wrote:
On Tue, Jun 16, 2015 at 03:10:18PM +0200, Jakub Hrozek wrote:
> Proactively store the keytabs in /var/lib/sss/keytabs instead of
> /var/lib/sss/db/keytabs because users (including developers who rote
> tests) are used to removing everything under /var/lib/sss/db which
> removes the sssd-owned directory.
>
> Unlike the other directories under /var/lib/sss this one doesn't have a
> matching configure option...I don't this we need one.
>
> Make sure the directory is only accessible to the sssd user.
>
> CI (rigorous by default now):
>
http://sssd-ci.duckdns.org/logs/commit/27/df243b8f6182a6093af432f1d23a21e...
btw I also amended the design page:
https://fedorahosted.org/sssd/wiki/DesignDocs/OneWayTrusts?action=diff&am...
Hi,
the patches look good, but I think you wrongly amended this sentence in
the design page:
"That way, processes that are able to access the sssd state directory,
which is public <HAKUNAMATATA> the keytabs."
I think you wanted to keep the ", will not be able to access" where
I put the <HAKUNAMATATA>.
Other than that. The patches are good I am just waiting for the CI
to finish.
Michal