#22 Change: Kerberos KCM credential cache by default
Opened 6 years ago by bex. Closed 6 years ago.

This issue tracks the release note for the following Fedora Change:

https://fedoraproject.org/wiki/Changes/KerberosKCMCache - @jhrozek

If you own this change, please add additional information here that we should communicate to Fedora users. Specifically, please consider:

  • New features available because of this change - pick 2 or 3 that are important
  • Considerations for users of previous releases of Fedora (upgrade issues, format changes, etc.)
  • Links to any upstream Release Notes
  • If this helps Fedora be a superior environment for our target audiences, please explain how so that we can emphasize this.

Your notes to us do not need to be formally written. We will edit them and add details as needed. This is a way for you to ensure that we know what is critical about your change.

If you want to write this release note, then:

  • Assign this issue to yourself
  • Check the wiki page linked above, find out what the change is about
  • Determine whether the change actually made it into the release or not[0]
  • Write a draft release note using that information against the correct branch here, in Pagure. (or see below)
  • Get in touch with the contact person/people listed on the wiki page, either through IRC or e-mail, and ask them to check your draft for technical accuracy
  • Submit your Release Note as a PR to this repository.

Once you're done with the above, make sure to either commit the relnote to an appropriate section of the Release Notes book, or, if you're not familiar with Git, AsciiDoc, or whatever else, just add it to this issue as a comment and let pbokoc[1] know that you're done with this one and you'd like the note included. Be sure to do this at least one day before the final release (October 29 according to the current schedule). Also make sure to do this even for relnotes that haven't been checked by the change owner.

[0] You can do that by asking the change owner listed on the wiki page; alternatively you can infer it by checking the tracker bug (linked in Wiki) in Bugzilla and looking at its status; see bug comments for details. Ask someone on the mailing list or on IRC if you're not sure.
[1] In #fedora-docs on FreeNode (UTC+1 timezone, online mostly during the day on weekdays), or pbokoc @redhat.com if you can't get a hold of me on IRC.


New features available because of this change - pick 2 or 3 that are important:

  • Kerberos credential caches are handled by a userspace daemon with a UNIX socket entry point. That means the UIDs and GIDs of the ccache owners are subject to UID namespacing, which is handy in containerized environments.
  • The UNIX socket can be mounted into containers on demand, thus allowing one or more containers to share a single Kerberos credential cache.
  • The KCM daemon is stateful. While no functionality that benefits from that is implemented in F-27, the daemon will allow refreshing Kerberos credentials on the user's behalf if needed.

Considerations for users of previous releases of Fedora (upgrade issues, format changes, etc.):

  • Since the daemon is part of sssd, users should know that they should refer to man sssd-kcm and also to man sssd-secrets, because sssd-kcm uses sssd-secrets for data storage. It should also be noted that configuration can be changed in /etc/sssd/sssd.conf and that currently the sssd service must be restarted for changes to take effect.

Links to any upstream Release Notes:

  • https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html

If this helps Fedora be a superior environment for our target audiences, please explain how so that we can emphasize this:

  • Defaulting to KCM for Kerberos makes consuming Kerberos credential caches between containers easier by managing the ccaches within a userspace daemon that can be shared between containers or even between the host and containers. The daemon's stateful nature will also enable us to add more functionality in future releases.
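As an added example (not code from the Fedora Change page, the SSSD project or anyone in this thread), the following POSIX shell script shows the two checks an administrator would want after this change: which credential cache type libkrb5 is actually using, and where the sssd-kcm socket lives so it can be bind-mounted into a container. It assumes the socket default documented in man sssd-kcm (/var/run/.heim_org.h5l.kcm-socket), that klist reports the cache as "Ticket cache: KCM:<uid>", and that a [kcm] section in /etc/sssd/sssd.conf may carry a socket_path key; the sssd.conf fragment, the klist line used when no credentials exist, and the image name fedora:27 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the Fedora change or the SSSD project.
# Reports the active Kerberos ccache type and the sssd-kcm socket path so an
# administrator can confirm KCM is in use and knows which socket to share
# with a container.

# Socket path documented as the default in man sssd-kcm (assumption: the
# host has not overridden it in sssd.conf).
KCM_DEFAULT_SOCKET=/var/run/.heim_org.h5l.kcm-socket

# Return the cache type from a klist "Ticket cache:" line, i.e. the text
# before the first ':' of the cache name ("Ticket cache: KCM:1000" -> "KCM").
ccache_type_of() {
    rest=${1#Ticket cache: }
    printf '%s\n' "${rest%%:*}"
}

# Return the socket_path set in the [kcm] section of the sssd.conf text
# passed as $1, falling back to the documented default when the key is
# absent. Keys of the same name in other sections are ignored.
kcm_socket_from_conf() {
    found=$(printf '%s\n' "$1" | awk '
        /^\[/ { in_kcm = ($0 == "[kcm]") }
        in_kcm && /^[[:space:]]*socket_path[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); print; exit
        }')
    printf '%s\n' "${found:-$KCM_DEFAULT_SOCKET}"
}

# Build the podman command that bind-mounts the host's KCM socket into a
# container at the same path, so the container's libkrb5 talks to the host's
# sssd-kcm instead of looking for a FILE ccache of its own.
kcm_share_cmd() {
    printf 'podman run --rm -v %s:%s %s klist\n' "$1" "$1" "$2"
}

main() {
    # Use the real files and tools when present; otherwise fall back to
    # constructed sample data so the checks still run on any host.
    if [ -r /etc/sssd/sssd.conf ]; then
        conf=$(cat /etc/sssd/sssd.conf)
    else
        # constructed sample: [kcm] section present, socket_path left at default
        conf='[sssd]
services = nss, pam, kcm

[kcm]'
    fi
    cache_line=''
    if command -v klist >/dev/null 2>&1; then
        cache_line=$(klist 2>/dev/null | grep '^Ticket cache:' || true)
    fi
    cache_line=${cache_line:-"Ticket cache: KCM:1000"}   # constructed sample

    sock=$(kcm_socket_from_conf "$conf")
    echo "active ccache type : $(ccache_type_of "$cache_line")"
    echo "sssd-kcm socket    : $sock"
    if [ -S "$sock" ]; then
        echo "socket present: sssd-kcm is listening on this host"
    else
        echo "socket absent: sssd-kcm is not running here"
    fi
    echo "share with a container: $(kcm_share_cmd "$sock" fedora:27)"
}

main "$@"
```

A cache type other than KCM in the first line means the host is still using the old FILE caches (or a local krb5.conf override); the socket check distinguishes "KCM configured but sssd-kcm not started" from a working setup, which matters because, as noted above, sssd must be restarted for sssd.conf changes to take effect.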

Metadata Update from @sclark:
- Issue assigned to sclark

6 years ago

Thank you, @jhrozek, for the information above. I have used it to create a draft release note in PR #50. Please would you review the draft and let me know whether anything needs to be added or changed?

I have one nitpick and sorry I didn't mention it before. I would like to explicitly mention that the component that implements the KCM ccache type is sssd-kcm, maybe like this:

Fedora 27 defaults to a new Kerberos credential cache type called Kerberos Cache Manager (KCM) implemented in the sssd-kcm service.

The reason is that sssd-kcm is not the first implementation: the Heimdal Kerberos distribution has had a KCM daemon for years, and even macOS has defaulted to using KCM (even though they call it the API ccache) for some time. Adding sssd-kcm explicitly would make it clear that this is a new implementation and part of sssd.

Otherwise LGTM, thank you!

Thank you for the review and explanation. I have incorporated the additional wording and merged PR #50.

Metadata Update from @sclark:
- Issue status updated to: Closed (was: Open)

6 years ago
