Description of problem: Apache module mod_auth_gssapi is favored over mod_auth_kerb going forward. GSSAPI is available now so we can make the transition. This RFE is to track the work needed to make the transition for the appliance. mod_auth_kerb is currently supported but will be deprecated at some point in the future. The favored kerberos Apache module is not mod_auth_gssapi and is therefore more likely to contain patches and improvements more quickly than mod_auth_kerb Expected results: Additional info:
The PRs that will implement this RFE are: https://github.com/ManageIQ/manageiq-appliance/pull/206 https://github.com/ManageIQ/manageiq_docs/pull/973 https://github.com/ManageIQ/manageiq-appliance-build/pull/282 https://github.com/ManageIQ/manageiq/pull/18014
(In reply to Joe Vlcek from comment #0) > Description of problem: > > Apache module mod_auth_gssapi is favored over mod_auth_kerb going forward. > GSSAPI is available now so we can make the transition. > > This RFE is to track the work needed to make the transition for the > appliance. > > mod_auth_kerb is currently supported but will be deprecated at some point in > the future. The favored kerberos Apache module is not mod_auth_gssapi and is > therefore more likely to contain patches and improvements more quickly than > mod_auth_kerb > > Expected results: > > > Additional info: Correction The subject had a typo. "not" should be "now" as shown below Change: The favored kerberos Apache module is "not" mod_auth_gssapi To: The favored kerberos Apache module is "now" mod_auth_gssapi
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition. If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
New commit detected on ManageIQ/manageiq/hammer: https://github.com/ManageIQ/manageiq/commit/51b26b7a2917fa7707c8efb7e93589b6769b9814 commit 51b26b7a2917fa7707c8efb7e93589b6769b9814 Author: Gregg Tanzillo <gtanzill> AuthorDate: Fri Oct 5 16:42:46 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Fri Oct 5 16:42:46 2018 -0400 Merge pull request #18014 from jvlcek/gssapi Move from apache module mod_auth_kerb to mod_auth_gssapi (cherry picked from commit 90853a61ff9881fb730bdbc71418286b159a0513) https://bugzilla.redhat.com/show_bug.cgi?id=1636547 spec/tools/miqldap_to_sssd/configure_apache_spec.rb | 40 +- tools/miqldap_to_sssd/configure_apache.rb | 2 +- 2 files changed, 27 insertions(+), 15 deletions(-)
New commit detected on ManageIQ/manageiq-appliance/hammer: https://github.com/ManageIQ/manageiq-appliance/commit/8f6c2dfb04b7a53961da332da8e7a477c34c1f58 commit 8f6c2dfb04b7a53961da332da8e7a477c34c1f58 Author: Gregg Tanzillo <gtanzill> AuthorDate: Fri Oct 5 16:34:35 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Fri Oct 5 16:34:35 2018 -0400 Merge pull request #206 from jvlcek/gssapi Move from apache module mod_auth_kerb to mod_auth_gssapi (cherry picked from commit 16221db14d40bfe730829bb7c054da7b39690548) https://bugzilla.redhat.com/show_bug.cgi?id=1636547 TEMPLATE/etc/httpd/conf.d/manageiq-external-auth.conf.erb | 11 +- 1 file changed, 4 insertions(+), 7 deletions(-)
New commit detected on ManageIQ/manageiq-appliance-build/hammer: https://github.com/ManageIQ/manageiq-appliance-build/commit/9fe5cc5a44d08890934058c8aee086c15dbb7d69 commit 9fe5cc5a44d08890934058c8aee086c15dbb7d69 Author: Gregg Tanzillo <gtanzill> AuthorDate: Fri Oct 5 16:39:04 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Fri Oct 5 16:39:04 2018 -0400 Merge pull request #282 from jvlcek/gssapi Move from apache module mod_auth_kerb to mod_auth_gssapi (cherry picked from commit 9ab682c2641fa2384b0d4d4836b23f6a203d4c5f) https://bugzilla.redhat.com/show_bug.cgi?id=1636547 kickstarts/partials/packages/includes.ks.erb | 1 + 1 file changed, 1 insertion(+)
Verified with 5.10.0.32.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0212