Date: Thu, 14 Feb 2019 17:11:07 -0500 From: "zi@FreeBSD.org" <zi@freebsd.org> To: Marin Bernard <lists@olivarim.com> Cc: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org> Subject: Re: clear_tmp_enable="YES" conflicts with 'security/kstart' Message-ID: <20190214221107.GA77877@exodus.zi0r.com> In-Reply-To: <lvQjZbx8C1z47Ca8xi1aGhrjIu0AppT97EVRLxUDMgPUJ7ZqATId3_uCDSUjCCAJmqHtJtWFoN2FZ9f7UuAPtZkPiJY9wL8tH7QssOX-N0c=@olivarim.com> References: <lvQjZbx8C1z47Ca8xi1aGhrjIu0AppT97EVRLxUDMgPUJ7ZqATId3_uCDSUjCCAJmqHtJtWFoN2FZ9f7UuAPtZkPiJY9wL8tH7QssOX-N0c=@olivarim.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On (02/14/19 21:43), Marin Bernard wrote: >Hi, > >We use security/kstart to maintain a local cache of kerberos tickets on our hosts. The tickets are stored in temporary caches files from the /tmp directory. > >On 2018-02-07, a PR was committed to the security/kstart port to "move k5start higher up in the service start list". This change introduced a regression when the host is also configured to clear the /tmp dir at startup (clear_tmp_enable="YES"): the /tmp directory is cleaned *after* kstart is started, thus removing any managed kerberos cache file. > >I do not know why the rc script was amended in the first place. Could someone give me some insight ? Clearing /tmp is a mandatory requirement for us because of the Kerberos context: is it possible to revert the rc script to its previous revision or propose anything else to fix this issue? > Please see the associated PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225732 If you would like to test the other option (Proposal 1 in the PR) and report back to me, we can look at switching over to it. -r >Thanks, > >Marin. -- Ryan Steinmetz PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190214221107.GA77877>