-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Kerberos Functionality #74
Conversation
Pull Request Test Coverage Report for Build 2774200487
💛 - Coveralls |
Funny that you mention this as we just received a Kerberos-related bug report: https://bugzilla.suse.com/show_bug.cgi?id=1200290 But as I wrote there, I don't think we support that scenario in YaST anyway. |
Yes, that bug report is unrelated to this removal. This is about removing support to setup a KDC with an LDAP DB backend (which is basicly unsupported upstream anyway). |
@dgdavid can this be reviewed? |
Sure! I'm not an expert in neither, kerberos nor yast2-auth-server, but removal looks good. Simply bump version and update changelog, please. |
Done! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd use the same versioning schema used so far. Please, check my comment.
version updated, probably should merge after #72 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We just need a Bugzilla / Jira / Github reference
package/yast2-auth-server.changes
Outdated
Wed Jul 27 00:50:39 UTC 2022 - William Brown <william.brown@suse.com> | ||
|
||
- Version 4.5.1 | ||
- Remove kerberos ldap database support |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need a Bugzilla / Jira / Github reference here. If not, our CI tooling will complain at the time to send the OBS / IBS request like already happened in the latest yast-auth-client PR (see https://ci.opensuse.org/job/yast-yast-auth-client-master/32/console)
...
rake aborted!
Stopping, missing new bugzilla or fate entry in the *.changes file.
e.g. bnc#<number> or fate#<number>
...
No problem, I hope that it's all good now :) |
Ok, now that #72 is merged we have to resolve conflicts. I'll do that, don't worry. |
Kerberos functionality has been broken for more than 2 years. As a result due to the abscence of bugs, we can assume it is not being used. Since Kerberos is a security risk in many environments (unconstrained lateral movement), and hugely complex, we should remove it.
Co-authored-by: David Díaz <1691872+dgdavid@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although I do not have experience with this module, changes looks goods according to the PR description.
Thank you!
✔️ Public Jenkins job #24 successfully finished |
✔️ Internal Jenkins job #16 successfully finished |
Kerberos functionality has been broken for more than 2 years. As a
result due to the abscence of reported bugs, we can assume it is not being used.
Since Kerberos is a security risk in many environments (unconstrained
lateral movement), and hugely complex, we should remove it.
Fixes #73