Re: [Freeipa-devel] [PATCH 0064] destroy httpd ccache after stopping the service

[Martin Basti]

On 09/22/2015 01:44 PM, Martin Babinsky wrote:
This patch fixes https://fedorahosted.org/freeipa/ticket/5296 and 
generally makes cleaning up of httpd ccache more thorough.





ACK

Pushed to:
master: 93d080d726359db16749104c8bc20d14a5455dc0
ipa-4-2: 23f1d4ed605f9f4b22d6ad93c4110fff7358682c
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH 0064] destroy httpd ccache after stopping the service

[Martin Babinsky]

This patch fixes https://fedorahosted.org/freeipa/ticket/5296 and 
generally makes cleaning up of httpd ccache more thorough.


--
Martin^3 Babinsky
From 02ec4a4d080a1dab28d14fa46a037ef1731431fb Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Wed, 16 Sep 2015 18:35:21 +0200
Subject: [PATCH] destroy httpd ccache after stopping the service

This will force recreation of the file-based ccache after IPA restore and
prevent a mismatch between cached and restored Kerberos keys.

https://fedorahosted.org/freeipa/ticket/5296
---
 init/systemd/httpd.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/init/systemd/httpd.service b/init/systemd/httpd.service
index e68f39eca759db50ad18d8db1faa3b704cb15ede..7ce8f04d8b9bb3663e59d4fdc610af0eb4478178 100644
--- a/init/systemd/httpd.service
+++ b/init/systemd/httpd.service
@@ -4,3 +4,4 @@
 Environment=KRB5CCNAME=/var/run/httpd/ipa/krbcache/krb5ccache
 Environment=KDCPROXY_CONFIG=/etc/ipa/kdcproxy/kdcproxy.conf
 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy
+ExecStopPost=-/usr/bin/kdestroy -A
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code