Project

General

Profile

Bug #15642

auth_kerb.conf error when using external authentication and foreman-installer

Added by Alexandre Barth over 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Foreman modules
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

I use these parameters with foreman-installer : foreman-installer --foreman-ipa-authentication=true --foreman-pam-service=foreman-prod

The keytab is retrieved and is in /etc/httpd/conf/http.keytab
The pam service is created and is in /etc/pam.d/foreman-prod

But the config file /etc/httpd/conf.d/05-foreman-ssl.d/auth_kerb.conf is not correctly generated :
Krb5KeyTab line has no value
require pam-account has no value

systemctl status httpd :
Syntax error on line 9 of /etc/httpd/conf.d/05-foreman-ssl.d/auth_kerb.conf:
Krb5KeyTab takes one argument, Location of Kerberos V5 keytab file.

Associated revisions

Revision 83784984 (diff)
Added by Dominic Cleal over 4 years ago

fixes #15642 - interpolate out of scope IPA-related variables

History

#1 Updated by Dominic Cleal over 4 years ago

  • Project changed from Foreman to Installer
  • Category set to Foreman modules
  • Legacy Backlogs Release (now unused) set to 161

The templates/auth_kerb.conf.erb template appears to rely on having variables in-scope, but the variables it's accessing are defined in the foreman class and not foreman::config where it's used. The template also has no test coverage.

#2 Updated by Dominic Cleal over 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

#3 Updated by Alexandre Barth over 4 years ago

same problem with the intercept_form_submit.conf file with value for InterceptFormPAMService parameter

#4 Updated by Dominic Cleal over 4 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman/pull/462 added

Thanks, I fixed that one too.

#5 Updated by Alexandre Barth over 4 years ago

Thank you Dominic, tested and i confirm this is working now.

#6 Updated by Dominic Cleal over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF