Bug 831001 - netatalk pam configuration has invalid entry
netatalk pam configuration has invalid entry
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: netatalk (Show other bugs)
17
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Lukáš Nykrýn
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-11 18:17 EDT by Scott Shambarger
Modified: 2012-06-30 18:01 EDT (History)
1 user (show)

See Also:
Fixed In Version: netatalk-2.2.2-2.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-30 18:01:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix comment in netatalk.pam-system-auth (643 bytes, application/octet-stream)
2012-06-11 18:17 EDT, Scott Shambarger
no flags Details

  None (edit)
Description Scott Shambarger 2012-06-11 18:17:07 EDT
Created attachment 591033 [details]
Fix comment in netatalk.pam-system-auth

Description of problem:
The following errors appear in log/secure:

PAM (netatalk) illegal module type: user
PAM pam_parse: expecting return value; [...context]

Version-Release number of selected component (if applicable):
netatalk-2.2.2-1.fc17

How reproducible:
Always

Steps to Reproduce:
1. Configure netatalk to authenticate connections (eg '-uamlist uams_dhx2.so' in afpd.conf)
2. Attempt to connect to afpd server
3. Examine log/secure
  
Actual results:
PAM parse errors as displayed above.

Expected results:
No PAM errors

Additional info:
This appears to be a typo in the netatalk.pam-system-auth in the source package, where a comment was incorrectly wrapped to a newline.  I've supplied a patch to fix the comment.
Comment 1 Lukáš Nykrýn 2012-06-12 03:45:56 EDT
Thanks for the patch.
committed to git->http://lists.fedoraproject.org/pipermail/scm-commits/2012-June/802338.html->modified
Comment 2 Fedora Update System 2012-06-12 03:49:36 EDT
netatalk-2.2.2-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/netatalk-2.2.2-2.fc17
Comment 3 Scott Shambarger 2012-06-12 04:32:39 EDT
2.2.2-2 appears to work as expected.

I did notice that upgrading the package didn't restart the daemon as I expected... perhaps the spec file needs a few extra lines (these are inspired from bind.spec, should I log a separate bug?):

%preun
if [ "$1" -eq 0 ] ; then
  # Package removal, not upgrade
  /bin/systemctl --no-reload disable netatalk.service > /dev/null 2>&1 || :
  /bin/systemctl stop netatalk.service > /dev/null 2>&1 || :
fi
:;

%postun
/sbin/ldconfig
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge 1 ] ; then
  # Package upgrade, not uninstall
  /bin/systemctl try-restart netatalk.service >/dev/null 2>&1 || :
fi
:;
Comment 4 Lukáš Nykrýn 2012-06-12 04:46:02 EDT
There is only missing '# Package upgrade, not uninstall' part in spec. I will fix it in rawhide, but if you think that this should be also fixed in F17 please file a bug so I won't forget it in next update.
Comment 5 Scott Shambarger 2012-06-12 05:11:05 EDT
Probably not important for this update since pam is dynamic loading.  Good to hear it'll be in F18 though :)
Comment 6 Fedora Update System 2012-06-13 17:34:23 EDT
Package netatalk-2.2.2-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing netatalk-2.2.2-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9327/netatalk-2.2.2-2.fc17
then log in and leave karma (feedback).
Comment 7 Scott Shambarger 2012-06-22 20:08:00 EDT
Left feedback over a week ago, this can probably go stable.
Comment 8 Fedora Update System 2012-06-30 18:01:50 EDT
netatalk-2.2.2-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.