SP packaging
Cantor, Scott
cantor.2 at osu.edu
Wed Jan 27 15:06:40 UTC 2016
On 1/27/16, 7:47 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner" <pkg-shibboleth-devel-bounces+cantor.2=osu.edu at lists.alioth.debian.org on behalf of wferi at niif.hu> wrote:
>
>Fully agreed. I kept the logcheck file partly to make it easy for the
>admin to change logging configuration to syslog.
I'm not a syslog fan for this kind of logging, but if there's some kind of "trick" to make it easier to switch to syslog that's not Debian only, I can certainly look at it.
>I'm thrilled to remove this fallback from the init script. But the
>above mentioned problem is largely unrelated. The issue is that the
>admin can naturally issue shibd -t to check the config after some
>modification, and if this test run creates new metadata files (for
>example) in /var/cache/shibboleth, those will we owned by root. Thus
>the daemon running as _shibd can't update them later. I can't see a way
>to fix cleanly without putting the identity change into shibd.
I think that's really a bug at this point, the -t option long predates use of an alternate user account.
-- Scott
>
More information about the Pkg-shibboleth-devel
mailing list