Bug 253720 - "trust" box shouldn't be an option if it is required
Summary: "trust" box shouldn't be an option if it is required
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: conga   
(Show other bugs)
Version: 5.1
Hardware: All
OS: Linux
low
low
Target Milestone: ---
: ---
Assignee: Ryan McCabe
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-08-21 14:10 UTC by Corey Marthaler
Modified: 2009-04-16 22:59 UTC (History)
2 users (show)

Fixed In Version: RHBA-2008-0407
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 15:46:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0407 normal SHIPPED_LIVE conga bug fix and enhancement update 2008-05-21 15:46:31 UTC

Description Corey Marthaler 2007-08-21 14:10:02 UTC
Description of problem:
Everytime I add an existing cluster to the luci homebase, if I don't select the
box to "trust" that machine, I see errors about not trusting it and the add
attempt fails. If it's required that you "trust" a machine, then when is it an
option? Seems pointless, what is it that I'm missing?

    * You must either trust "taft-04.lab.msp.redhat.com" or remove it.
    * You must either trust "taft-03.lab.msp.redhat.com" or remove it.
    * You must either trust "taft-02.lab.msp.redhat.com" or remove it.
    * Unable to connect to the ricci agent on taft-02.lab.msp.redhat.com: Unable
to establish an SSL connection to taft-02.lab.msp.redhat.com:11111: ricci's
certificate is not trusted
    * Unable to connect to the ricci agent on taft-04.lab.msp.redhat.com: Unable
to establish an SSL connection to taft-04.lab.msp.redhat.com:11111: ricci's
certificate is not trusted
    * Unable to connect to the ricci agent on taft-03.lab.msp.redhat.com: Unable
to establish an SSL connection to taft-03.lab.msp.redhat.com:11111: ricci's
certificate is not trusted


Version-Release number of selected component (if applicable):
luci-0.10.0-5.el5
ricci-0.10.0-5.el5
modcluster-0.10.0-5.el5

How reproducible:
everytime

Comment 1 Ryan McCabe 2007-08-21 17:23:09 UTC
The reason the trust check box is there is to give users a chance to verify that
the ricci certificate fingerprints mesh with what is expected so that two-way
trust can be established between the ricci and luci server. Most of the time,
users won't care.

What I'd like to do with this is have a 'check all' widget that users can click
to check all the trust boxes, and if the user hasn't asked to see the
certificate fingerprints before proceeding, don't show the  trust boxes at all.

Does that seem sensible to you?

Comment 2 Corey Marthaler 2007-08-21 18:13:25 UTC
I definately agree that most of the time (if not all of the time), the user will
not care about the certificates. 

It does sound sensible that there be no trust boxes at all unless the user
checks to view the certificate fingerprints.

Comment 3 RHEL Product and Program Management 2007-10-16 03:45:56 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Brian Brock 2008-05-15 01:06:08 UTC
new behavior and features/bugfix work as described, changing state to verified.

Comment 7 errata-xmlrpc 2008-05-21 15:46:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0407.html


Note You need to log in before you can comment on or make changes to this bug.