Bug 1442375

Summary: squid helper squid_kerb_ldap not included in package
Product: [Fedora] Fedora Reporter: bpk678
Component: squidAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 24CC: henrik, jonathansteffan, luhliari, psimerda, thozza
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1452200 (view as bug list) Environment:
Last Closed: 2017-04-18 14:25:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1452200    

Description bpk678 2017-04-14 12:09:26 UTC 
Description of problem: the external_acl helper kerberos_ldap_group or squid_kerb_ldap object is not compiled and packaged with squid, even though other helpers (LDAP_group or ext_ldap_group_acl) are.


Version-Release number of selected component (if applicable): 3.5.20


How reproducible: very


Steps to Reproduce:
1. install squid rpm package
2. review contents of /usr/lib64/squid
3. note, negotiate_kerberos_auth is not the helper in question here

Actual results: no helper object kerberos_ldap_group or squid_kerb_ldap is present.


Expected results: helper object kerberos_ldap_group or squid_kerb_ldap is present.


Additional info: not sure if this is a packaging decision, as opposed to a bug, but reporting it here.  the helper object in question furthers squid's integration with LDAP by leveraging the same Kerberos keytab used to authenticate users, and binding to LDAP with it to perform authorization based on group membership.  because the keytab is used, security is improved because no password exists in plain text on the filesystem.  the helper is included in the source code package, but not compiled and packaged with the binary package.
Comment 1 Luboš Uhliarik 2017-04-18 14:25:37 UTC 
Added kerberos_ldap_group to --enable-external-acl-helpers configure option. 

Fixed in RAWHIDE.