...
If you want to modify anything in the file, this can be done by running systemctl edit shibd, which will spawn an editor and lets start a text editor letting you add only the things you'd like to override. (This will then be written to a file called /etc/systemd/system/shibd.service.d/override.conf and will also take care of reloading systemd to activate the changes.)
Do To do the same things thing manually – or maybe from a configuration management system such as Ansible or Puppet – create a file named /etc/systemd/system/shibd.service.d/shibd.conf and include any overridden lines you want to merge into the file. You can name the file itself anything that ends in the "conf" extension. (Do not create that directory and leave it empty, though!)
Note that if you modify the unit file definition outside of systemctl edit, e.g. manually or programmatically, you will need to tell systemd about the change using systemctl daemon-reload
...
if you're trying to load very large SAML 2.0 Metadata (e.g. the size of InCommon or eduGAIN) you may need to increase the startup timeout systemd applies before it kills off shibd and tries to start it again (which is pointless since parsing/signature-validating that metadata won't be any faster the next time). This can be done by setting TimeoutStartSec to a rather large (r) value – adjusting the actual timeout value as needed – see below for a value, e.g. 2h (or infinite , to disable the startup timeout functionality) for InCommon/eduGAIN-sized metadata. See below for an example or the systemd.service documentation.
...
Example: Have systemd wait up to
...
2 hours for shibd to start
| Code Block | ||
|---|---|---|
| ||
echo -e '[Service]\nTimeoutStartSec=30m2h' | sudo tee /etc/systemd/system/shibd.service.d/timeout.conf sudo systemctl daemon-reload |