Your message dated Mon, 16 Dec 2019 16:19:31 +0000 with message-id <E1igt5n-000Fs2-S4@fasolo.debian.org> and subject line Bug#946797: fixed in debian-edu-config 2.11.10 has caused the Debian Bug report #946797, regarding debian-edu-config: kadm5.acl should set proper rights for users to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 946797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: debian-edu-config: kadm5.acl should set proper rights for users
- From: Wolfgang Schweer <w.schweer@gmx.de>
- Date: Mon, 16 Dec 2019 00:26:57 +0100
- Message-id: <[🔎] 20191215232657.GA11112@star>
Package: debian-edu-config Version: 1.812+deb8u1 Severity: important To improve security, settings in kadm5.acl should be adjusted. The needed fix is minimal: --- a/share/debian-edu-config/tools/kerberos-kdc-init +++ b/share/debian-edu-config/tools/kerberos-kdc-init @@ -187,7 +187,7 @@ EOF if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then cat > /etc/krb5kdc/kadm5.acl <<EOF root/admin@INTERN * -*@INTERN cil +*@INTERN Cil */*@INTERN i EOF chmod 644 /etc/krb5kdc/kadm5.acl Thanks to Andreas B. Mundt for the hint. Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades by adding something like this to debian-edu-config.postinst: [configure case] fi + + # Set proper rights for users. + if [ -f /etc/krb5kdc/kadm5.acl ] ; then + sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl + fi ;; esac WolfgangAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 946797-close@bugs.debian.org
- Subject: Bug#946797: fixed in debian-edu-config 2.11.10
- From: Holger Levsen <holger@debian.org>
- Date: Mon, 16 Dec 2019 16:19:31 +0000
- Message-id: <E1igt5n-000Fs2-S4@fasolo.debian.org>
Source: debian-edu-config Source-Version: 2.11.10 We believe that the bug you reported is fixed in the latest version of debian-edu-config, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 946797@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Dec 2019 16:56:24 +0100 Source: debian-edu-config Architecture: source Version: 2.11.10 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers <debian-edu@lists.debian.org> Changed-By: Holger Levsen <holger@debian.org> Closes: 946797 Changes: debian-edu-config (2.11.10) unstable; urgency=medium . [ Wolfgang Schweer ] * share/debian-edu-config/tools/kerberos-kdc-init: - Set proper rights for users in kadm5.acl file. (Closes: #946797) * Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades. * Use secure URI in Homepage field. * Use canonical URL in Vcs-Git. . [ Holger Levsen ] * Improve debian/debian-edu-config.postinst fix to only run once on upgrades. Checksums-Sha1: 5b27f6077b87231c0d18c20a4c32147526e95c8c 1923 debian-edu-config_2.11.10.dsc e44bb8b240fb29ba916c959048ee620ad6d77950 340580 debian-edu-config_2.11.10.tar.xz fdb9ddfea7b236e7f145a9cb24abc8de3dbd5652 5323 debian-edu-config_2.11.10_source.buildinfo Checksums-Sha256: c53a60a14694154a2598060735eaefe631d47b402d464e1d969d1b65873ed614 1923 debian-edu-config_2.11.10.dsc 285930972ed0ef9dc563064f42a3a75c159be2ba942e5d69ca7da64913dea8fb 340580 debian-edu-config_2.11.10.tar.xz 1fb2d212d9fc6a17c66ad51639cccf102d14b4a966138d26f0689750b9722a22 5323 debian-edu-config_2.11.10_source.buildinfo Files: 93d8ea4c7578e37ee8927dafc0ed3209 1923 misc optional debian-edu-config_2.11.10.dsc c698786e25119d7380d25fde242adf7e 340580 misc optional debian-edu-config_2.11.10.tar.xz 3c059ac522cada4d16cf63ffb1a8d015 5323 misc optional debian-edu-config_2.11.10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl33qaEACgkQCRq4Vgaa qhy3dg/9GNR24sciJDRuKh2pq2ExE1/+flhfnPYcFJkRE+x667FKc0kJgGLkCV4R CLXzHJafRPPMWt/uFjIX0QmhY1kXPyJlTtMCo/QJW8GhIVUSzkjdVn9L3VTr4tcT J9QYI7oXl3CJ+oEbErX8bq4ufifLRKxHoTVKrbPi2JOSD6zoakW6uWRIHNBUWVDz uPxpgeVeT4ePMNyqnVb1360v5Lr3dUm51dCxxIXxD5hCzaDA+Vl8dUWO65BTryRR im5EbjnBwp+wsWNkSAiumhBKdJnoqafsF8bOY9Bb180hPljFeVCvrfdLtuRf5t1k Ky7zZBrhV0z375VxSNj80IqE81A7vzBblngUTrCMzJmnu/GdZwqRBfawgAVronj6 oelLB9EOLn78BK6/84BqAghFDk+tZ8ysE+h6PGYAnTQVF5mfSQjHVcMbyr/YuJzn JAmx0qWhOm1dwkOvd8Gg/9JC5dg5XhZgfnheWkvD5v6V6CxUGHSGKU7+iWppaGkr wawx1K5D07YEeV8gv2xLbkExOeN5NTHDre9Vw2Kam/rpfetv2WHc62gCO9PYr/tE STjag0vENNQhKWVw1wn19kI5TOlQrXFJ7VoMNob4dp6Yjag5YLJlGq1EAFksRCW2 4qgZjEqrG6+MVvno8Px596DsveGkKE3q54ep27zh5vTre8kV0dI= =6zZo -----END PGP SIGNATURE-----
--- End Message ---