After setting up tomcat, I deployed openam. The initial configuration screen gave me "Configurator does not have write access to /usr/share/tomcat". It turns out that the user tomcat7 (who runs tomcat) has his home in /usr/share/tomcat7 (have a look at /etc/passwd). For some reason (bug?), this directory is owned by root, which made it unwritable for tomcat7. The fix is an easy (as root)
chown -R tomcat7:tomcat7 /usr/share/tomcat7
Do not do this. /usr/share/tomcat7 is accessible by root for good reasons: so the config and binaries of tomcat cannot be changed through some security hole in a webapp.
AntwortenLöschenIt seems that openam actually wants /usr/share/tomcat7/sso. Unfortunately cannot test the hypothesis, because whenever I want to save the config I get "Invalid host name", regardless of permissions.
Ok, Hypothesys checked. It is a shame that openam cannot work with non-usual domain names and hostnames with only one dot.
AntwortenLöschenSorry for being hyper here. You will need .openamcfg as well.
AntwortenLöschen