Bug 626943

Summary: Upgrading to satellite 5.4 may break Pam authentication
Product: Red Hat Satellite 5 Reporter: Justin Sherrill <jsherril>
Component: UpgradesAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Novotny <pnovotny>
Severity: medium Docs Contact:
Priority: low    
Version: 530CC: cperry, jhutar, jpazdziora, mminar, pnovotny
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: Fixed in the 5.4.0 Release - GA'd 2010-10-27
Fixed In Version: rhn-upgrade-5.4.0.5-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-28 15:01:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 627859    
Bug Blocks: 487678, 608757    

Description Justin Sherrill 2010-08-24 17:54:23 UTC 
We've had 3 spacewalk users that have upgraded from 1.0 to 1.1 and have the their pam authentication stop working.

In all cases logging in with a pam authenticated user resulted in a java dump (the jvm crashing).

In all 3 cases reverting from the oci driver back to the thin driver fixed the issue.  I know Michael has tested this on a spacewalk 1.1 build directly, but since 3 different users had the issue and all 3 reported it working with the thin driver, I think something is awry. 

We should test upgrading from 5.3 to 5.4 (or spacewalk 1.0 to 1.1) with pam authentication enabled.
Comment 1 Milan Zázrivec 2010-09-22 16:16:40 UTC 
This problem is in fact being worked on in bug #627859.

I'll leave this bug open for QA to properly verify the pam authentication
on upgraded Satellite works OK.
Comment 2 Jan Pazdziora 2010-09-23 06:09:30 UTC 
(In reply to comment #0)
> We've had 3 spacewalk users that have upgraded from 1.0 to 1.1 and have the
> their pam authentication stop working.

Could you please confirm that in all these cases, the PAM authentication is in fact using LDAP and not some other PAM module?

We are aware of LDAP having issues but if it is a more generic PAM problem, please let me know.
Comment 3 Jan Pazdziora 2010-09-24 19:50:12 UTC 
The bug 627859 is now ON_QA, so this one could be moved ON_QA as well. Or closed as dupe?
Comment 4 Clifford Perry 2010-09-24 20:07:14 UTC 
This is tracking over /upgrades/ the other is new installs. I think its good to have it track for upgrades to ensure QA specifically tests this, even if we developers feel like were tracking the same issue in two bugs and should be closed as dupe. Lets move to ON_QA once Milan hands QA the rhn-upgrade package.

Cliff
Comment 5 Martin Minar 2010-10-06 14:13:19 UTC 
Verified on Satellite upgraded from 5.3 to 5.4.
Comment 6 Clifford Perry 2010-10-28 15:01:57 UTC 
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford