You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@fmarco76 Here the login shell needs to be enabled before we can use pkiuser for systemd user service. Should we enable it by default in the RPM spec so pkiuser will work like a regular user, or do we want the sysadmin to enable it manually (and possibly enable the home directory manually too)? A normal user usually will have the login shell and home directory enabled by default.
@fmarco76 Here the login shell needs to be enabled before we can use pkiuser for systemd user service. Should we enable it by default in the RPM spec so pkiuser will work like a regular user, or do we want the sysadmin to enable it manually (and possibly enable the home directory manually too)? A normal user usually will have the login shell and home directory enabled by default.
Will these steps be manually performed or there is a plan to deploy containers with pkispawn (or a new command)? If a tool will be used then we could add the home and shell configuration on such a tool otherwise I would leave to sysadmin for the moment, at least until we have finalised all the container setup.
@fmarco76 Thanks! Yeah, we probably can add some options in pkispawn to deploy PKI as a container instead of in regular Tomcat instance, and the tool will do the required steps. We'll do that in another PR.
One thing though, suppose we want to run PKI server as pkiuser and use the home directory to store SoftHSM token or other things, the home directory needs to be created manually before running pkispawn. Adding a home directory is not difficult, but most people probably would need to look up the docs or find examples, so it's not that user-friendly.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A new test has been added to run a CA container as a rootless systemd service in user space then perform a cert enrollment.
https://github.com/dogtagpki/pki/wiki/Deploying-CA-Container-as-Systemd-Service