URL: https://github.com/SSSD/sssd/pull/244
Author: lslebodn
Title: #244: KCM: Modify krb5 snippet file kcm_default_ccache
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/244/head:pr244
git checkout pr244
From eba3b0a92fce945724710ef057f438f01ed55299 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Fri, 21 Apr 2017 10:31:25 +0200
Subject: [PATCH] KCM: Modify krb5 snippet file kcm_default_ccache
The file kcm_default_ccache must enable KCM ccache by default
without any modification of the file.
/etc/krb5.conf.d/ is fedora/el7 specific and it is not allowed to
enable or start systemd services in scriptlets. It would result in
broken krb5 configuration. Therefore krb5 configuration snippet was
moved from /etc/krb5.conf.d/ -> /usr/share/sssd-kcm. And each downstream
distribution should enable systemd services + change krb5 configuration
in it's own way.
---
Makefile.am | 6 +++---
contrib/kcm_default_ccache | 12 ++++++------
contrib/sssd.spec.in | 4 ++--
3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 9000866b2..7f6c47c5b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -87,7 +87,7 @@ sudolibdir = @sudolibpath@
polkitdir = @polkitdir@
pamconfdir = $(sysconfdir)/pam.d
systemtap_tapdir = @tapset_dir@
-krb5sysincludedir = $(sysconfdir)/krb5.conf.d
+sssdkcmdatadir = $(datadir)/sssd-kcm
if HAVE_SYSTEMD_UNIT
ifp_exec_cmd = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --debug-to-files --dbus-activated
@@ -189,7 +189,7 @@ sssdlibexec_PROGRAMS += sssd_secrets
endif
if BUILD_KCM
sssdlibexec_PROGRAMS += sssd_kcm
-dist_krb5sysinclude_DATA = contrib/kcm_default_ccache
+dist_sssdkcmdata_DATA = contrib/kcm_default_ccache
endif
@@ -4760,7 +4760,7 @@ if BUILD_SAMBA
mv $(DESTDIR)/$(winbindplugindir)/winbind_idmap_sss.so $(DESTDIR)/$(winbindplugindir)/sss.so
endif
if BUILD_KCM
- $(MKDIR_P) $(DESTDIR)/$(krb5sysincludedir)
+ $(MKDIR_P) $(DESTDIR)/$(sssdkcmdatadir)
endif
uninstall-hook:
diff --git a/contrib/kcm_default_ccache b/contrib/kcm_default_ccache
index ac88fca86..4cd5b480b 100644
--- a/contrib/kcm_default_ccache
+++ b/contrib/kcm_default_ccache
@@ -2,11 +2,11 @@
# directory that is included from the Kerberos configuration file (/etc/krb5.conf)
# On Fedora/RHEL/CentOS, this is /etc/krb5.conf.d/
#
-# To enable the KCM credential cache, uncomment the following lines and
-# enable the KCM socket and the service:
-# systemctl enable sssd-kcm.socket
+# To enable the KCM credential cache enable the KCM socket and the service:
+# systemctl enable sssd-secrets.socket sssd-kcm.socket
# systemctl start sssd-kcm.socket
-# systemctl enable sssd-kcm.service
+#
+# To disable the KCM credential cache, comment out the following lines.
-#[libdefaults]
-# default_ccache_name = KCM:
+[libdefaults]
+ default_ccache_name = KCM:
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index fb175ae7a..cb1a09c42 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1264,8 +1264,8 @@ done
%if (0%{?with_kcm} == 1)
%files kcm
%{_libexecdir}/%{servicename}/sssd_kcm
-%dir %{_sysconfdir}/krb5.conf.d
-%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
+%dir %{_datadir}/sssd-kcm
+%{_datadir}/sssd-kcm/kcm_default_ccache
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
%{_mandir}/man8/sssd-kcm.8*
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
