Versions Compared

Old Version 53

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 54

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

With the 2.5 release, the package now installs shibd to run as a non-root user and group (called shibd). As a result, when you upgrade, the package will execute a number of file and directory ownership changes to make sure that it can continue to run. If you use any non-default filenames or locations, particularly for any private keys, you will need to manually adjust your file permissions so that the shibd user can access the files involved. Private keys should be readable only by that user account.

Also, please do NOT store files from unrelated software into the directories created by the package (principally the log, run, and cache directories in /var, and the /etc/shibboleth directory. This is NOT supported and may cause problems when you upgrade. The package assumes that it knows what can be in those directories and does not have the ability to avoid breaking other software
Warning

Under no circumstances should you attempt to install a set of RPM packages built for/with a different OS or version from your own (apart from the CentOS/RedHat exception noted above). This will usually lead to unpredictable problems and support issues. Instead, you can rebuild the SRPM packages and then you can install them anytime you need them.

Note
Warning
titleIncompatibility with RHEL / CentOS 7.0-7.3

Red Hat and CentOS 7.4 include a newer version of OpenSSL, and due to an inadvertent rebuild of one package by the SUSE Build Service, the packages for that OS had to be fully rebuilt, which means they no longer support versions older than 7.4. A full yum update to the new OS will include the update to these packages, but updating to them or installing them from scratch will fail if the OS version is older than 7.4. We apologize for the inconvenience but the problem was impossible to recover from.

Installing via Yum

The recommended approach is to take advantage of the SUSE Build Service's ability to act as a yum repository alongside your existing OS-supplied repository. Ths allows you to manage the Shibboleth packages in a standard way and pick up updates using a single command.

...