Bug 1636547
| Summary: | [RFE] Move appliance from apache module mod_auth_kerb to mod_auth_gssapi | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Joe Vlcek <jvlcek> |
| Component: | Appliance | Assignee: | Joe Vlcek <jvlcek> |
| Status: | CLOSED ERRATA | QA Contact: | Antonin Pagac <apagac> |
| Severity: | medium | Docs Contact: | Red Hat CloudForms Documentation <cloudforms-docs> |
| Priority: | unspecified | ||
| Version: | 5.10.0 | CC: | abellott, cbudzilo, gtanzill, jvlcek, obarenbo, simaishi, smallamp |
| Target Milestone: | GA | Keywords: | FutureFeature |
| Target Release: | 5.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 5.10.0.19 | Doc Type: | Release Note |
| Doc Text: |
This release of Red Hat CloudForms will introduce an alternate Apache module, mod_auth_gssapi, to support Single Sign On (SSO) via external authentication.
The current module, mod_auth_kerb, will continue to be
supported for the foreseeable future but at some point
will likely be deprecated from Cloudforms.
As mod_auth_gssapi is the direction forward for
Apache kerberos SSO support, it is recommended, but not
required to migrate from using mod_auth_kerb to
mod_auth_gssapi
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-07 23:03:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Joe Vlcek
2018-10-05 16:11:51 UTC
The PRs that will implement this RFE are: https://github.com/ManageIQ/manageiq-appliance/pull/206 https://github.com/ManageIQ/manageiq_docs/pull/973 https://github.com/ManageIQ/manageiq-appliance-build/pull/282 https://github.com/ManageIQ/manageiq/pull/18014 (In reply to Joe Vlcek from comment #0) > Description of problem: > > Apache module mod_auth_gssapi is favored over mod_auth_kerb going forward. > GSSAPI is available now so we can make the transition. > > This RFE is to track the work needed to make the transition for the > appliance. > > mod_auth_kerb is currently supported but will be deprecated at some point in > the future. The favored kerberos Apache module is not mod_auth_gssapi and is > therefore more likely to contain patches and improvements more quickly than > mod_auth_kerb > > Expected results: > > > Additional info: Correction The subject had a typo. "not" should be "now" as shown below Change: The favored kerberos Apache module is "not" mod_auth_gssapi To: The favored kerberos Apache module is "now" mod_auth_gssapi Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition. If it's something like a tracker bug where it doesn't matter, please set the severity to Low. New commit detected on ManageIQ/manageiq/hammer: https://github.com/ManageIQ/manageiq/commit/51b26b7a2917fa7707c8efb7e93589b6769b9814 commit 51b26b7a2917fa7707c8efb7e93589b6769b9814 Author: Gregg Tanzillo <gtanzill> AuthorDate: Fri Oct 5 16:42:46 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Fri Oct 5 16:42:46 2018 -0400 Merge pull request #18014 from jvlcek/gssapi Move from apache module mod_auth_kerb to mod_auth_gssapi (cherry picked from commit 90853a61ff9881fb730bdbc71418286b159a0513) https://bugzilla.redhat.com/show_bug.cgi?id=1636547 spec/tools/miqldap_to_sssd/configure_apache_spec.rb | 40 +- tools/miqldap_to_sssd/configure_apache.rb | 2 +- 2 files changed, 27 insertions(+), 15 deletions(-) New commit detected on ManageIQ/manageiq-appliance/hammer: https://github.com/ManageIQ/manageiq-appliance/commit/8f6c2dfb04b7a53961da332da8e7a477c34c1f58 commit 8f6c2dfb04b7a53961da332da8e7a477c34c1f58 Author: Gregg Tanzillo <gtanzill> AuthorDate: Fri Oct 5 16:34:35 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Fri Oct 5 16:34:35 2018 -0400 Merge pull request #206 from jvlcek/gssapi Move from apache module mod_auth_kerb to mod_auth_gssapi (cherry picked from commit 16221db14d40bfe730829bb7c054da7b39690548) https://bugzilla.redhat.com/show_bug.cgi?id=1636547 TEMPLATE/etc/httpd/conf.d/manageiq-external-auth.conf.erb | 11 +- 1 file changed, 4 insertions(+), 7 deletions(-) New commit detected on ManageIQ/manageiq-appliance-build/hammer: https://github.com/ManageIQ/manageiq-appliance-build/commit/9fe5cc5a44d08890934058c8aee086c15dbb7d69 commit 9fe5cc5a44d08890934058c8aee086c15dbb7d69 Author: Gregg Tanzillo <gtanzill> AuthorDate: Fri Oct 5 16:39:04 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Fri Oct 5 16:39:04 2018 -0400 Merge pull request #282 from jvlcek/gssapi Move from apache module mod_auth_kerb to mod_auth_gssapi (cherry picked from commit 9ab682c2641fa2384b0d4d4836b23f6a203d4c5f) https://bugzilla.redhat.com/show_bug.cgi?id=1636547 kickstarts/partials/packages/includes.ks.erb | 1 + 1 file changed, 1 insertion(+) Verified with 5.10.0.32. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0212 |