freeipa

Clone
Source Code
GIT

d7f3c1f service: enforce keytab user when retrieving the keytab

1 file Authored by abbra 2 years ago, Committed by frenaud 2 years ago,
raw patch tree parent
1 file changed. 1 lines added. 1 lines removed.
ipaserver/install/service.py
file modified
+1 -1 
    service: enforce keytab user when retrieving the keytab
    
    HTTP service uses different user for keytab ownership than the service
    user. On Fedora this leads to http.keytab being owned by 'apache' user
    after IPA deployment while it should be owned by 'root' to allow
    GSSPROXY configuration to work correctly.
    
    The situation is fixed during upgrade (ipa-server-upgrade) but it means
    for new deployments there might be a period of unexplained Web UI
    authentication failures.
    
    Fixes: https://pagure.io/freeipa/issue/8872
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.