Bug 652772

Summary: SEC_* param cleanup in base-db
Product: Red Hat Enterprise MRG Reporter: Robert Rati <rrati>
Component: condor-wallaby-base-dbAssignee: Robert Rati <rrati>
Status: CLOSED ERRATA QA Contact: Lubos Trilety <ltrilety>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.3CC: jneedle, ltrilety, matt, mkudlej
Target Milestone: 2.0.1   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: condor-wallaby-base-db-1.14-1 Doc Type: Bug Fix
Doc Text:
C: The remote configuration default database had a number of unneeded security related parameters in several features C: The security parameters could be confusing on a configured node C: Cleaned up the security params in the default db R: Security parameter settings are much more clear
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-07 16:43:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 723887    

Description Robert Rati 2010-11-12 18:09:34 UTC 
Description of problem:
Need to clean up the definitions of the SEC_* params in the default db:
1) The params should have must_change = false
2) <subsys>.SEC_* should be removed from all features in the db

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Robert Rati 2010-11-12 21:59:32 UTC 
May also be able to remove claimtobe authentication methods since fs/ntlm is specified.
Comment 2 Robert Rati 2010-11-18 15:21:17 UTC 
Also look at making Authentication REQUIRED instead of OPTIONAL.
Comment 3 Robert Rati 2011-06-13 21:34:57 UTC 
Removed all SEC_* params from all features except the Master feature.  Also edited SEC_DEFAULT_AUTHENTICATION_METHODS on the Master feature to include FS and NTLM methods.

All SEC_* params are neither must_change nor needs_restart

Fixed on master
Comment 4 Robert Rati 2011-06-24 15:33:46 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
C: The remote configuration default database had a number of  unneeded security related parameters in several features
C: The security parameters could be confusing on a configured node
C: Cleaned up the security params in the default db
R: Security parameter settings are much more clear
Comment 6 Lubos Trilety 2011-07-29 09:30:14 UTC 
Tested with:
condor-wallaby-base-db-1.14-1

Tested on:
RHEL5 i386,x86_64
RHEL6 i686,x86_64

SEC_DEFAULT_AUTHENTICATION_METHODS on the Master feature includes also FS
and NTLM methods.
All SEC_* parameters have must_change and needs_restart set to false
Only Master feature contains SEC_* parameters.

>>> VERIFIED
Comment 7 errata-xmlrpc 2011-09-07 16:43:22 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1249.html