Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Kerberos Functionality #74

Merged
merged 4 commits into from
Aug 1, 2022
Merged

Remove Kerberos Functionality #74

merged 4 commits into from
Aug 1, 2022

Conversation

Firstyear
Copy link
Collaborator

@Firstyear Firstyear commented Jun 9, 2022
edited
Loading

Kerberos functionality has been broken for more than 2 years. As a
result due to the abscence of reported bugs, we can assume it is not being used.

Since Kerberos is a security risk in many environments (unconstrained
lateral movement), and hugely complex, we should remove it.

Fixes #73

@coveralls
Copy link

coveralls commented Jun 9, 2022
edited
Loading

Pull Request Test Coverage Report for Build 2774200487

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-4.5%) to 7.08%
Totals Coverage Status
Change from base Build 2774178781: -4.5%
Covered Lines: 16
Relevant Lines: 226
💛 - Coveralls

@shundhammer
Copy link
Contributor

Funny that you mention this as we just received a Kerberos-related bug report:

https://bugzilla.suse.com/show_bug.cgi?id=1200290

But as I wrote there, I don't think we support that scenario in YaST anyway.

@Firstyear
Copy link
Collaborator Author

Firstyear commented Jun 9, 2022
edited
Loading

Yes, that bug report is unrelated to this removal. This is about removing support to setup a KDC with an LDAP DB backend (which is basicly unsupported upstream anyway).

@Firstyear
Copy link
Collaborator Author

@dgdavid can this be reviewed?

@dgdavid
Copy link
Member

dgdavid commented Jul 26, 2022

@dgdavid can this be reviewed?

Sure! I'm not an expert in neither, kerberos nor yast2-auth-server, but removal looks good.

Simply bump version and update changelog, please.

@Firstyear
Copy link
Collaborator Author

@dgdavid can this be reviewed?

Sure! I'm not an expert in neither, kerberos nor yast2-auth-server, but removal looks good.

Simply bump version and update changelog, please.

Done!

@dgdavid dgdavid mentioned this pull request Jul 27, 2022
Merged
dgdavid
dgdavid reviewed Jul 27, 2022
View reviewed changes
Copy link
Member

@dgdavid dgdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd use the same versioning schema used so far. Please, check my comment.

package/yast2-auth-server.changes Outdated Show resolved Hide resolved
@Firstyear
Copy link
Collaborator Author

version updated, probably should merge after #72

dgdavid
dgdavid approved these changes Jul 28, 2022
View reviewed changes
Copy link
Member

@dgdavid dgdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

dgdavid
dgdavid requested changes Jul 28, 2022
View reviewed changes
Copy link
Member

@dgdavid dgdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We just need a Bugzilla / Jira / Github reference

package/yast2-auth-server.changes Outdated
Wed Jul 27 00:50:39 UTC 2022 - William Brown <william.brown@suse.com>

- Version 4.5.1
- Remove kerberos ldap database support
Copy link
Member

@dgdavid dgdavid Jul 28, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a Bugzilla / Jira / Github reference here. If not, our CI tooling will complain at the time to send the OBS / IBS request like already happened in the latest yast-auth-client PR (see https://ci.opensuse.org/job/yast-yast-auth-client-master/32/console)

...
rake aborted!
Stopping, missing new bugzilla or fate entry in the *.changes file.
e.g. bnc#<number> or fate#<number>
...

@Firstyear
Copy link
Collaborator Author

No problem, I hope that it's all good now :)

@dgdavid
Copy link
Member

dgdavid commented Aug 1, 2022

Ok, now that #72 is merged we have to resolve conflicts. I'll do that, don't worry.

Firstyear and others added 4 commits August 1, 2022 11:42
@Firstyear @dgdavid
Remove Kerberos Functionality
dbe8c33 
Kerberos functionality has been broken for more than 2 years. As a
result due to the abscence of bugs, we can assume it is not being used.

Since Kerberos is a security risk in many environments (unconstrained
lateral movement), and hugely complex, we should remove it.
@Firstyear @dgdavid
Update changelog
be3071d
@Firstyear @dgdavid
version
ee948ba
@Firstyear @dgdavid
Update package/yast2-auth-server.changes
4a92363 
Co-authored-by: David Díaz <1691872+dgdavid@users.noreply.github.com>
dgdavid
dgdavid approved these changes Aug 1, 2022
View reviewed changes
Copy link
Member

@dgdavid dgdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although I do not have experience with this module, changes looks goods according to the PR description.

Thank you!

@dgdavid dgdavid merged commit 6052110 into yast:master Aug 1, 2022
@yast-bot
Copy link

yast-bot commented Aug 1, 2022

✔️ Public Jenkins job #24 successfully finished
✔️ Created OBS submit request #991998

@yast-bot
Copy link

yast-bot commented Aug 1, 2022

✔️ Internal Jenkins job #16 successfully finished
✔️ Created IBS submit request #276793

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgdavid dgdavid dgdavid approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove kerberos server with LDAP DB functionality
5 participants
@Firstyear @coveralls @shundhammer @dgdavid @yast-bot