[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates

[Scott Worthington]

On Monday, January 16, 2012 9:49:12 AM, Scott Worthington wrote:
> On Monday, January 16, 2012 7:15:13 AM, Jan Pazdziora wrote:
>> On Tue, Jan 10, 2012 at 02:13:40PM -0500, Scott Worthington wrote:
>>> On Tuesday, January 10, 2012 10:33:54 AM, Jan Pazdziora wrote:
[...]

>> --- a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>> +++ b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>> @@ -161,7 +161,7 @@ PerlModule PXT::ApacheAuth
>>  	<Files proxy.pxt>
>>  		ForceType text/pxt
>>  		SetHandler perl-script
>> -		require acl mixin RHN::Access::System user_role(org_admin); system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy); child_channel_candidate(rhn-proxy)
>> +		require acl mixin RHN::Access::System user_role(org_admin); system_feature(ftr_proxy_capable) or system_is_proxy(); org_channel_family(rhn-proxy) or system_is_proxy(); child_channel_candidate(rhn-proxy) or system_is_proxy()
>>  	</Files>
>>  
>>  	<Files activation.pxt>
>>
>
> Jan, 
[...]

As a troubleshooting test, I commented out line 164 in 
/etc/httpd/conf.d/zz-sapcewalk-www.conf and performed
'service httpd reload'

Commented this out:
#                require acl mixin RHN::Access::System 
user_role(org_admin); system_feature(ftr_proxy_capable) or 
system_is_proxy(); org_channel_family(rhn-proxy) or system_is_proxy(); 
child_channel_candidate(rhn-proxy) or system_is_proxy()

My assumption was if the error was in the above ACL test, then
commenting it out would let the section pass instead of fail.

Unfortunately, the same traceback was e-mailed with or without the acl 
test above.
So, perhaps the permissions failure is somewhere else?

In /usr/share/perl5/vendor_perl/Sniglets/Servers.pm we have on lines:

    150   throw "User '" . $pxt->user->id . "' attempted to access 
proxy interface without permission."
    151     unless 
$pxt->user->org->has_channel_family_entitlement('rhn-proxy');

Perhaps this is blocking?