...
Instead, the package includes a read-only "unit" file installed to /usr/lib/systemd/system/shibd.service that describes how to manage the service. Do not modify this file, as it will be replaced during upgrades.
If you want to modify anything in the file, the best way to do this is to this can be done by running systemctl edit shibd, which will spawn an editor and lets you add only the things you'd like to override. (This will then be written to a file called /etc/systemd/system/shibd.service.d/override.conf and will also take care of reloading systemd to activate the changes.)
Do the same things manually – or maybe from a configuration management system such as Ansible or Puppet – create a file named /etc/systemd/system/shibd.service.d/shibd.conf and include any overridden lines you want to merge into the file. You can name the file itself anything that ends in the "conf" extension, but do . (Do not create that directory and leave it empty., though!)
Note that any time if you modify the unit file definition outside of systemctl edit, e.g. manually or programmatically, you will need to tell systemd about the change using systemctl daemon-reload
Increase startup timeout
if you're trying to load very large SAML 2.0 Metadata (e.g. the size of eduGAIN) you may need to increase the startup timeout systemd applies before it kills off shibd and tries to start it again (which is pointless since parsing/validating that metadata won't be any faster the next time). This can be done by setting TimeoutStartSec to a large(r) value – adjusting the actual timeout value as needed – see below for a example or the systemd.service documentation.
| Code Block | ||||
|---|---|---|---|---|
| ||||
echo -e '[Service]\nTimeoutStartSec=30m' | sudo tee /etc/systemd/system/shibd.service.d/timeout.conf sudo systemctl daemon-reload |