[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#946797: marked as done (debian-edu-config: kadm5.acl should set proper rights for users)



Your message dated Mon, 16 Dec 2019 16:19:31 +0000
with message-id <E1igt5n-000Fs2-S4@fasolo.debian.org>
and subject line Bug#946797: fixed in debian-edu-config 2.11.10
has caused the Debian Bug report #946797,
regarding debian-edu-config: kadm5.acl should set proper rights for users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
946797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-edu-config
Version: 1.812+deb8u1
Severity: important

To improve security, settings in kadm5.acl should be adjusted.

The needed fix is minimal:

--- a/share/debian-edu-config/tools/kerberos-kdc-init
+++ b/share/debian-edu-config/tools/kerberos-kdc-init
@@ -187,7 +187,7 @@ EOF
     if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then
        cat > /etc/krb5kdc/kadm5.acl <<EOF
 root/admin@INTERN *
-*@INTERN cil
+*@INTERN Cil
 */*@INTERN i
 EOF
     chmod 644 /etc/krb5kdc/kadm5.acl

Thanks to Andreas B. Mundt for the hint.

Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades
by adding something like this to debian-edu-config.postinst:

[configure case]
     fi
+
+    # Set proper rights for users.
+    if [ -f /etc/krb5kdc/kadm5.acl ] ; then
+        sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl
+    fi
     ;;
 esac

Wolfgang

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 2.11.10

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 946797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Dec 2019 16:56:24 +0100
Source: debian-edu-config
Architecture: source
Version: 2.11.10
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Closes: 946797
Changes:
 debian-edu-config (2.11.10) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * share/debian-edu-config/tools/kerberos-kdc-init:
     - Set proper rights for users in kadm5.acl file. (Closes: #946797)
   * Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades.
   * Use secure URI in Homepage field.
   * Use canonical URL in Vcs-Git.
 .
   [ Holger Levsen ]
   * Improve debian/debian-edu-config.postinst fix to only run once on
     upgrades.
Checksums-Sha1:
 5b27f6077b87231c0d18c20a4c32147526e95c8c 1923 debian-edu-config_2.11.10.dsc
 e44bb8b240fb29ba916c959048ee620ad6d77950 340580 debian-edu-config_2.11.10.tar.xz
 fdb9ddfea7b236e7f145a9cb24abc8de3dbd5652 5323 debian-edu-config_2.11.10_source.buildinfo
Checksums-Sha256:
 c53a60a14694154a2598060735eaefe631d47b402d464e1d969d1b65873ed614 1923 debian-edu-config_2.11.10.dsc
 285930972ed0ef9dc563064f42a3a75c159be2ba942e5d69ca7da64913dea8fb 340580 debian-edu-config_2.11.10.tar.xz
 1fb2d212d9fc6a17c66ad51639cccf102d14b4a966138d26f0689750b9722a22 5323 debian-edu-config_2.11.10_source.buildinfo
Files:
 93d8ea4c7578e37ee8927dafc0ed3209 1923 misc optional debian-edu-config_2.11.10.dsc
 c698786e25119d7380d25fde242adf7e 340580 misc optional debian-edu-config_2.11.10.tar.xz
 3c059ac522cada4d16cf63ffb1a8d015 5323 misc optional debian-edu-config_2.11.10_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl33qaEACgkQCRq4Vgaa
qhy3dg/9GNR24sciJDRuKh2pq2ExE1/+flhfnPYcFJkRE+x667FKc0kJgGLkCV4R
CLXzHJafRPPMWt/uFjIX0QmhY1kXPyJlTtMCo/QJW8GhIVUSzkjdVn9L3VTr4tcT
J9QYI7oXl3CJ+oEbErX8bq4ufifLRKxHoTVKrbPi2JOSD6zoakW6uWRIHNBUWVDz
uPxpgeVeT4ePMNyqnVb1360v5Lr3dUm51dCxxIXxD5hCzaDA+Vl8dUWO65BTryRR
im5EbjnBwp+wsWNkSAiumhBKdJnoqafsF8bOY9Bb180hPljFeVCvrfdLtuRf5t1k
Ky7zZBrhV0z375VxSNj80IqE81A7vzBblngUTrCMzJmnu/GdZwqRBfawgAVronj6
oelLB9EOLn78BK6/84BqAghFDk+tZ8ysE+h6PGYAnTQVF5mfSQjHVcMbyr/YuJzn
JAmx0qWhOm1dwkOvd8Gg/9JC5dg5XhZgfnheWkvD5v6V6CxUGHSGKU7+iWppaGkr
wawx1K5D07YEeV8gv2xLbkExOeN5NTHDre9Vw2Kam/rpfetv2WHc62gCO9PYr/tE
STjag0vENNQhKWVw1wn19kI5TOlQrXFJ7VoMNob4dp6Yjag5YLJlGq1EAFksRCW2
4qgZjEqrG6+MVvno8Px596DsveGkKE3q54ep27zh5vTre8kV0dI=
=6zZo
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: