Bug 652772 - SEC_* param cleanup in base-db
Summary: SEC_* param cleanup in base-db
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: condor-wallaby-base-db
Version: 1.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: 2.0.1
: ---
Assignee: Robert Rati
QA Contact: Lubos Trilety
URL:
Whiteboard:
Depends On:
Blocks: 723887
TreeView+ depends on / blocked
 
Reported: 2010-11-12 18:09 UTC by Robert Rati
Modified: 2011-09-07 16:43 UTC (History)
4 users (show)

Fixed In Version: condor-wallaby-base-db-1.14-1
Doc Type: Bug Fix
Doc Text:
C: The remote configuration default database had a number of unneeded security related parameters in several features C: The security parameters could be confusing on a configured node C: Cleaned up the security params in the default db R: Security parameter settings are much more clear
Clone Of:
Environment:
Last Closed: 2011-09-07 16:43:22 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1249 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update 2011-09-07 16:40:45 UTC

Description Robert Rati 2010-11-12 18:09:34 UTC
Description of problem:
Need to clean up the definitions of the SEC_* params in the default db:
1) The params should have must_change = false
2) <subsys>.SEC_* should be removed from all features in the db

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Robert Rati 2010-11-12 21:59:32 UTC
May also be able to remove claimtobe authentication methods since fs/ntlm is specified.

Comment 2 Robert Rati 2010-11-18 15:21:17 UTC
Also look at making Authentication REQUIRED instead of OPTIONAL.

Comment 3 Robert Rati 2011-06-13 21:34:57 UTC
Removed all SEC_* params from all features except the Master feature.  Also edited SEC_DEFAULT_AUTHENTICATION_METHODS on the Master feature to include FS and NTLM methods.

All SEC_* params are neither must_change nor needs_restart

Fixed on master

Comment 4 Robert Rati 2011-06-24 15:33:46 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
C: The remote configuration default database had a number of  unneeded security related parameters in several features
C: The security parameters could be confusing on a configured node
C: Cleaned up the security params in the default db
R: Security parameter settings are much more clear

Comment 6 Lubos Trilety 2011-07-29 09:30:14 UTC
Tested with:
condor-wallaby-base-db-1.14-1

Tested on:
RHEL5 i386,x86_64
RHEL6 i686,x86_64

SEC_DEFAULT_AUTHENTICATION_METHODS on the Master feature includes also FS
and NTLM methods.
All SEC_* parameters have must_change and needs_restart set to false
Only Master feature contains SEC_* parameters.

>>> VERIFIED

Comment 7 errata-xmlrpc 2011-09-07 16:43:22 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1249.html


Note You need to log in before you can comment on or make changes to this bug.