[opensuse-factory] Samba default_ccache_name in YaST (was: Re: New Tumbleweed snapshot 20160209 released!)
Hello, Am Freitag, 12. Februar 2016, 01:59:08 CET schrieb Ludwig Nussel:
==== yast2-samba-client ==== Version update (3.1.15 -> 3.1.16)
- Use default_ccache_name FILE:/tmp/krb5cc_%{uid}; (bnc#921530). - 3.1.16
Can someone explain this, please? smb.service, nmb.service and winbind.service all have Environment=KRB5CCNAME=/run/samba/krb5cc_samba and winbind.service additionally has Environment=KRB5RCACHEDIR=/var/cache/krb5rcache So why is default_ccache_name now set to something in /tmp in the YaST module? Please also CC me in bnc#921530 (or make it public if possible). Regards, Christian Boltz --
Ein Update auf eine EIN JAHR alte Version? Ich denke er hat einfach auf das geupdated, was bei Debian derzeit als "aktuell" ausgeliefert wird... Ja, ist mir dann auch aufgegangen. Immer diese "Debian-Hasser". :) [>> nighthawk, >(>>) Ralf Hildebrandt und crandler in postfixbuch-users]
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi Christian, On Fri, Feb 12, 2016 at 01:32:07PM +0100, Christian Boltz wrote:
Am Freitag, 12. Februar 2016, 01:59:08 CET schrieb Ludwig Nussel:
==== yast2-samba-client ==== Version update (3.1.15 -> 3.1.16)
- Use default_ccache_name FILE:/tmp/krb5cc_%{uid}; (bnc#921530). - 3.1.16
Can someone explain this, please?
smb.service, nmb.service and winbind.service all have Environment=KRB5CCNAME=/run/samba/krb5cc_samba
and winbind.service additionally has Environment=KRB5RCACHEDIR=/var/cache/krb5rcache
So why is default_ccache_name now set to something in /tmp in the YaST module?
The Environment settings are for the daemons at startup via systemd. While the "Use default_ccache_name FILE:/tmp/krb5cc_%{uid}" covers the user case. Using default_ccache_name FILE type is only a transition. The final goal is to use the KEYRING feature.
Please also CC me in bnc#921530 (or make it public if possible).
Gah, I must have created a duplicate before filing the YaST issue. 921530 covers a customer case and can't be made public and unfortunately I can't add you either. In general this is the FILE vs KEYRING issue and beside identifying the root cause at the end yast2-samba-client had to be adjusted to explicitely make use of FILE. Else the settings of pam_winbind.conf and /etc/krb5.conf will not fit. As we now have theoretical three methods (FILE, DIR, and KEYRING) compared to one (FILE) only in the past we must explicitly set one in pam_winbind.conf too. The pam_winbind.conf man page describes this as part of the krb5_ccache_type explanation. In the next step yast2-samba-client will be switched to KEYRING. Cheers, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
participants (2)
-
Christian Boltz -
Lars Müller