Bug 661123 - Luci has config. options that are taken into account while using SASL2 hardcoded while the config. file may be used instead
Summary: Luci has config. options that are taken into account while using SASL2 hardco...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: luci
Version: 14
Hardware: Unspecified
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jan Pokorný [poki]
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 660446
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-07 20:33 UTC by Jan Pokorný [poki]
Modified: 2010-12-13 19:36 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-12-13 19:36:03 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 660446 0 medium CLOSED Luci package neither well maintainable wrt external files (cross-references, values integrity etc.) nor it forms compact... 2021-02-22 00:41:40 UTC

Internal Links: 660446

Description Jan Pokorný [poki] 2010-12-07 20:33:48 UTC 
Adding this configuration file with the same configuration as was
previously hardcoded (and giving this hardcoded values away) may be
a good way of separation program logic and program configuration
and thus making luci more flexible with authentization in question.

In addition, if such file is marked as %config(noreplace) in the spec
file, it can be safely modified by the administrator to serve
his/her needs of authentication backend (just to be explicit:
of course using anything else than is preconfigured may be claimed
as unsupported [use on your own risk] but OTOH it will offer new
possible setups that e.g. utilize kerberos for authentication).


Note: this was fixed in the context of work on pkg-update upstream
      branch which means the fix ties closely to the major change
      brought from this branch into main-line upstream code
      in connection with bug #660446
Comment 1 Jan Pokorný [poki] 2010-12-07 21:10:36 UTC 
This is fixed in http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=9c25ee4129f6c18f54a4ac9e5fe30adfe755565a (by mistake, the commit header tells the wrong BZ number it addresses, it should be apparently number of this bug [#661123]).

There is an important message for the fix of this bug: SASL2 library looks
at /etc/sasl2 location for <appname>.conf configuration files since verion
2.1.22 (see http://www.postfix.org/SASL_README.html#server_cyrus_location).
This fact is reflected in the spec file (Requires: cyrus-sasl >= 2.1.22),
but pointing this out also at this place.
Comment 2 Jan Pokorný [poki] 2010-12-07 21:10:36 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Result: Requires cyrus-sasl >= 2.1.22
Comment 3 Jan Pokorný [poki] 2010-12-07 22:08:35 UTC 
To test this, basically this sequence (made after installation) will serve
its purpose:

1. Check that SASL2 config. file has been installed properly:

# ls -l /etc/sasl2/luci.conf
-rw-r--r--. 1 root root 83 Dec  7 13:05 /etc/sasl2/luci.conf
# rpm -qf /etc/sasl2/luci.conf
luci-*

2. Check that luci authentication works as before:

# service luci start
(try to login to luci with system-wide user/pasword)
# service luci stop

3. Check that content of /etc/sasl2/luci.conf is taken into account
   by SASL2 library by changing it so the next try to login into luci
   will fail:

# sed -i.old "s/saslauthd/auxprop/" /etc/sasl2/luci.conf
(repeat the step 2 which should be now unsuccessful)
# mv -f /etc/sasl2/luci.conf.old /etc/sasl2/luci.conf
(repeat the step 2 which should be now again successful)
Note You need to log in before you can comment on or make changes to this bug.