Bug 146181
Summary: | mod_auth_kerb keytab type documentation | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Patrick Paul <patpaul> |
Component: | mod_auth_kerb | Assignee: | Joe Orton <jorton> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | mattdm |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-02-05 05:56:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Patrick Paul
2005-01-25 19:50:34 UTC
By "documentation" are you referring to the wording in the example configuration file, /etc/httpd/conf.d/auth_kerb.conf, or the README? Woops, sorry about ambiguity. Documentation refers to 1) The README, lines 92 and 139. 2) The example /etc/httpd/conf.d/auth_kerb.conf, lines 12-13. I looked at every piece of documentation from http://modauthkerb.sourceforge.net/, and it agrees and says the same thing. Also, the code, at (unpatched 5.0-rc6 source) line 236 in mod_auth_kerb.c does a specific '... ->krb_service_name = "HTTP"' Sorry, I'm still not clear what you're reporting. Are you saying that the documentation is wrong and should be changed to match the behaviour of the code? Or that the code is wrong and should be changed to match the documentation? I'm not sure precisely what is confusing about the README; it merely talks about the default service name. Likewise the line of code you reference merely sets the default service name, allowing the configuration to override it if desired. Sorry, confusion definitely happens when I've yet to have coffee. The documentation is wrong. The documentation says HTTP/ _only_ works by default. I have keytab in place of type host/, and this works. I did not specify type host/ in the configuration, as the documentation says I needed to. I listed the source code only to show that even the source code says type HTTP/ is the default, and that type host/ is nowhere to be seen. This was only done to point out that I have no idea _where_ the code is allowing type host/ by default. Documentation is sort of right... While the mod_auth_kerb system WILL work with host/ instead of HTTP/, it may create problems with certain clients. The "standard" is HTTP, so while some browsers will go in fine with a host tab only, the lack of HTTP may create problems with others. The software SHOULD be modified to match the documentation, although that would be removing a useful if "incorrect" feature. Changing the documentation will potentially cause problems elsewhere. Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you! Fedora Core 3 is not maintained anymore. Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the current Fedora release please reopen this bug. |