URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd

simo5 commented:
"""
As I noted in the ticket: "At most you may want to store it in 
/var/lib/ipa/somewhere, but we do not want to break sessions (there are people 
using APIs from non-interactive scripts) just because you needed to restart a 
service/server quickly.
These keys are considered long term keys, and should not be thrown away at each 
reboot."

Let me also add that:
1. the directory needs to be writable by the apache user as the key is created 
the first time the server is started
2. only the apache user must be able to read this key
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/723#issuecomment-297701218