On Tue, Jun 16, 2015 at 04:56:48PM +0200, Michal Židek wrote:
On 06/16/2015 03:12 PM, Jakub Hrozek wrote:
>On Tue, Jun 16, 2015 at 03:10:18PM +0200, Jakub Hrozek wrote:
>>Proactively store the keytabs in /var/lib/sss/keytabs instead of
>>/var/lib/sss/db/keytabs because users (including developers who rote
>>tests) are used to removing everything under /var/lib/sss/db which
>>removes the sssd-owned directory.
>>
>>Unlike the other directories under /var/lib/sss this one doesn't have a
>>matching configure option...I don't this we need one.
>>
>>Make sure the directory is only accessible to the sssd user.
>>
>>CI (rigorous by default now):
>>
http://sssd-ci.duckdns.org/logs/commit/27/df243b8f6182a6093af432f1d23a21e...
>
>btw I also amended the design page:
>
https://fedorahosted.org/sssd/wiki/DesignDocs/OneWayTrusts?action=diff&am...
Hi,
the patches look good, but I think you wrongly amended this sentence in
the design page:
"That way, processes that are able to access the sssd state directory, which
is public <HAKUNAMATATA> the keytabs."
I think you wanted to keep the ", will not be able to access" where
I put the <HAKUNAMATATA>.
Other than that. The patches are good I am just waiting for the CI
to finish.
Michal
Thank you for the review, pushed to master:
* a5bb518446d5ce565d7ba819590a009cabb0b0b4
* dbfc407eef1d9ba2469687c3ffbe7fd8bb111d94