New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

3.0.x and above no longer accepts "refreshInterval" in jaas-loginmodule.conf #3987

Closed
gtsteffaniak opened this Issue Sep 6, 2018 · 2 comments

Comments

Projects
None yet
4 participants
@gtsteffaniak

gtsteffaniak commented Sep 6, 2018

Describe the bug
jaas-loginmodule.conf authentication type does not accept the refresh interval to update info from realm.propreties:

RDpropertyfilelogin {
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
debug="true";
refreshInterval="60";
caseInsensitive="true";
file="/etc/rundeck/realm.properties";
org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
debug="true";
useFirstPass="true";
refreshInterval="60";
caseInsensitive="true";
file="/etc/rundeck/realm.properties";
};

My Rundeck detail

  • Rundeck version: tested on 3.0.1 and 3.0.5
  • install type: tested on rpm and yum install
  • OS Name/version: centos 7
  • DB Type/version: default

To Reproduce
Steps to reproduce the behavior:

  1. install via yum or deb
  2. do standard modifications (hostname to ip)
  3. add "refreshInterval="60" to jaas-loginmodule.conf
  4. restart rundeck
  5. Any changes to realm.properties requires a restart of rundeckd to take effect

Expected behavior
Previously, this parameter allowed for the realm.properties file to dynamically be updated and loaded without restarting rundeckd.

@gtsteffaniak gtsteffaniak reopened this Sep 6, 2018

@mazzella-c

This comment has been minimized.

mazzella-c commented Sep 12, 2018

Same issue here.

@omniton

This comment has been minimized.

omniton commented Nov 8, 2018

Same issue with org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule.

I have following jaas config:

login {
org.rundeck.jaas.jetty.JettyPamLoginModule requisite
debug="true"
service="sshd"
supplementalRoles="readonly"
storePass="true";

org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
debug="true"
useFirstPass="true"
refreshInterval="60"
caseInsensitive="true"
file="/etc/rundeck/realm.properties";
};

Rundeck doesn't see any changes in realm.properties file until restarted

sjrd218 added a commit that referenced this issue Nov 9, 2018

Fix #3452 and #3987 by adding a login module that uses the hot reload…
… feature of the Jetty PropertyUserStore.

gschueler added a commit that referenced this issue Nov 21, 2018

Merge pull request #4194 from rundeck/feature/3987/reloadable-realmprops
Fix #3452 and #3987 by adding a login module that can hot reload realm.properties

@gschueler gschueler added this to the 3.0.9 milestone Nov 21, 2018

@gschueler gschueler closed this Nov 21, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment