mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
provide dedicated ccache file for httpd
httpd service stores Kerberos credentials in kernel keyring which gets destroyed and recreated during service install/upgrade, causing problems when the process is run under SELinux context other than 'unconfined_t'. This patch enables HTTPInstance to set up a dedicated CCache file for Apache to store credentials. https://fedorahosted.org/freeipa/ticket/4973 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Martin Babinsky
committed by
Petr Vobornik
Petr Vobornik
parent
57fba7a56f
commit
9a1a409d63
4
init/systemd/httpd.service
Normal file
4
init/systemd/httpd.service
Normal file
@@ -0,0 +1,4 @@
|
||||
.include /usr/lib/systemd/system/httpd.service
|
||||
|
||||
[Service]
|
||||
Environment=KRB5CCNAME=/var/run/httpd/krbcache/krb5ccache
|
||||
Reference in New Issue
Block a user