[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates
Scott Worthington
scott.c.worthington at gmail.com
Mon Jan 16 15:39:05 UTC 2012
On Monday, January 16, 2012 9:49:12 AM, Scott Worthington wrote:
> On Monday, January 16, 2012 7:15:13 AM, Jan Pazdziora wrote:
>> On Tue, Jan 10, 2012 at 02:13:40PM -0500, Scott Worthington wrote:
>>> On Tuesday, January 10, 2012 10:33:54 AM, Jan Pazdziora wrote:
[...]
>> --- a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>> +++ b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>> @@ -161,7 +161,7 @@ PerlModule PXT::ApacheAuth
>> <Files proxy.pxt>
>> ForceType text/pxt
>> SetHandler perl-script
>> - require acl mixin RHN::Access::System user_role(org_admin); system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy); child_channel_candidate(rhn-proxy)
>> + require acl mixin RHN::Access::System user_role(org_admin); system_feature(ftr_proxy_capable) or system_is_proxy(); org_channel_family(rhn-proxy) or system_is_proxy(); child_channel_candidate(rhn-proxy) or system_is_proxy()
>> </Files>
>>
>> <Files activation.pxt>
>>
>
> Jan,
[...]
As a troubleshooting test, I commented out line 164 in
/etc/httpd/conf.d/zz-sapcewalk-www.conf and performed
'service httpd reload'
Commented this out:
# require acl mixin RHN::Access::System
user_role(org_admin); system_feature(ftr_proxy_capable) or
system_is_proxy(); org_channel_family(rhn-proxy) or system_is_proxy();
child_channel_candidate(rhn-proxy) or system_is_proxy()
My assumption was if the error was in the above ACL test, then
commenting it out would let the section pass instead of fail.
Unfortunately, the same traceback was e-mailed with or without the acl
test above.
So, perhaps the permissions failure is somewhere else?
In /usr/share/perl5/vendor_perl/Sniglets/Servers.pm we have on lines:
150 throw "User '" . $pxt->user->id . "' attempted to access
proxy interface without permission."
151 unless
$pxt->user->org->has_channel_family_entitlement('rhn-proxy');
Perhaps this is blocking?
More information about the Spacewalk-list
mailing list