Bug 1058805

Summary:	Review Request: mod_authnz_pam - PAM authorization checker and PAM Basic Authentication provider
Product:	[Fedora] Fedora	Reporter:	Jan Pazdziora (Red Hat) <jpazdziora>
Component:	Package Review	Assignee:	Rob Crittenden <rcritten>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	rawhide	CC:	jpazdziora, package-review, rcritten
Target Milestone:	---	Flags:	rcritten: fedora-review+ gwync: fedora-cvs+
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	mod_authnz_pam-0.8.1-1.fc20	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2014-02-22 00:51:11 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Jan Pazdziora (Red Hat) 2014-01-28 14:45:05 UTC

Spec URL: http://fedorapeople.org/cgit/adelton/public_git/mod_authnz_pam.git/plain/mod_authnz_pam.spec
SRPM URL: http://copr-be.cloud.fedoraproject.org/results/adelton/identity_demo/fedora-19-x86_64/mod_authnz_pam-0.7-1.fc19/mod_authnz_pam-0.7-1.fc19.src.rpm
Description: mod_authnz_pam is a PAM authorization module, supplementing
authentication done by other modules, for example mod_auth_kerb; it
can also be used as full Basic Authentication provider which runs the
[login, password] authentication through the PAM stack.
Fedora Account System Username: adelton

Comment 1 Rob Crittenden 2014-01-28 16:08:47 UTC

Is the 2.2 vs 2.4 logic needed? I don't think 2.2 has shipped in Fedora since Fedora 17. It looks like some other Apache modules do this, do you know how long this will be required?

You use a glob if the module configuration directory differs from the Apache configuration directory but a specific file otherwise. Is there a reason for this?

Similarly you use a glob for the shared library but there is only one file, so why not be specific?

Comment 2 Jan Pazdziora (Red Hat) 2014-01-28 16:34:21 UTC

(In reply to Rob Crittenden from comment #1)
> Is the 2.2 vs 2.4 logic needed? I don't think 2.2 has shipped in Fedora
> since Fedora 17. It looks like some other Apache modules do this, do you
> know how long this will be required?

The goal is to get the module into/built for RHEL 6 which has Apache 2.2, and for consistency reasons I prefer to maintain just one .spec file in the upsream. So the answer is "as along as we want to build for RHEL 6/EPEL 6" as well.

> You use a glob if the module configuration directory differs from the Apache
> configuration directory but a specific file otherwise. Is there a reason for
> this?
> 
> Similarly you use a glob for the shared library but there is only one file,
> so why not be specific?

No specific reason really. I probably used a pattern from other module. I can can fix it or leave it.

Comment 3 Rob Crittenden 2014-01-29 18:01:22 UTC

I think it's fine, lots of other modules do this too. 

ACK.

Comment 4 Jan Pazdziora (Red Hat) 2014-01-30 12:51:31 UTC

Thanks.

Based on reviews of other modules, I've now created new .spec: http://fedorapeople.org/cgit/adelton/public_git/mod_authnz_pam.git/plain/mod_authnz_pam.spec?id=mod_authnz_pam-0.8
The diff against the previous one is: http://fedorapeople.org/cgit/adelton/public_git/mod_authnz_pam.git/diff/mod_authnz_pam.spec?id=mod_authnz_pam-0.8&id2=mod_authnz_pam-0.7
New .src.rpm: http://copr-be.cloud.fedoraproject.org/results/adelton/identity_demo/fedora-19-x86_64/mod_authnz_pam-0.8-1.fc19/mod_authnz_pam-0.8-1.fc19.src.rpm

Comment 5 Jan Pazdziora (Red Hat) 2014-01-30 13:44:01 UTC

Oops -- we've lost -lpam in the changes, adding it back:
http://fedorapeople.org/cgit/adelton/public_git/mod_authnz_pam.git/diff/?id=mod_authnz_pam-0.8.1
http://copr-be.cloud.fedoraproject.org/results/adelton/identity_demo/fedora-19-x86_64/mod_authnz_pam-0.8.1-1.fc19/mod_authnz_pam-0.8.1-1.fc19.src.rpm

Comment 6 Rob Crittenden 2014-01-30 14:26:59 UTC

OK, changes look good. Can't believe I missed the httpd-mmn thing :-(

Comment 7 Jan Pazdziora (Red Hat) 2014-01-30 14:46:16 UTC

New Package SCM Request
=======================
Package Name: mod_authnz_pam
Short Description: PAM authorization checker and PAM Basic Authentication provider
Owners: adelton
Branches: f20 f21
InitialCC:

Comment 8 Gwyn Ciesla 2014-01-30 14:51:28 UTC

Git done (by process-git-requests).

Don't request f21, not branched, still devel which is automatic.

Comment 9 Fedora Update System 2014-01-31 02:16:45 UTC

mod_authnz_pam-0.8.1-1.fc20,mod_intercept_form_submit-0.9.5-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/mod_authnz_pam-0.8.1-1.fc20,mod_intercept_form_submit-0.9.5-1.fc20

Comment 10 Fedora Update System 2014-02-01 04:04:09 UTC

Package mod_authnz_pam-0.8.1-1.fc20, mod_intercept_form_submit-0.9.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mod_authnz_pam-0.8.1-1.fc20 mod_intercept_form_submit-0.9.5-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1873/mod_authnz_pam-0.8.1-1.fc20,mod_intercept_form_submit-0.9.5-1.fc20
then log in and leave karma (feedback).

Comment 11 Fedora Update System 2014-02-22 00:51:11 UTC

mod_authnz_pam-0.8.1-1.fc20, mod_intercept_form_submit-0.9.5-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.