Changes to allow the reading of REALM Proxy User Credentials from miCASA

in order to avoid having those credentials in the clear in the iaRealms.xml file.
2007-05-09 22:54:35 +00:00
parent 90afeed839
commit 9c139d4a2b
9 changed files with 282 additions and 136 deletions
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed May  9 16:38:14 MDT 2007 - jluciani@novell.com
+
+- Added the capability to read REALM credentials from miCASA to
+  avoid having the credentials in the clear in the iaRealms.xml
+  file. This change adds a dependency on CASA and partially
+  addresses BUG265414.
+
+- Created a utility that allows users to edit the iaRealms.xml
+  file. This was necessary to support the CASA ATS Yast Module
+  enhancements.
+
+- Fixed settings and policy utilities to output error messages
+  to stderr instead of stdout to avoid messing up the CASA ATS
+  Yast Module.
+
+- Fixed the SPEC files to set the appropriate home folder for
+  the casaatsd user.
+
+- Temporary changed the SPEC files to allow the casaatsd user
+  to have a shell. This change will be reverted as soon as
+  the CASAcli is updated to allow a root user to pass the
+  UID of the user being targeted.
+
 -------------------------------------------------------------------
 Fri Apr 20 15:40:01 MDT 2007 - jluciani@novell.com

--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
@@ -18,7 +18,7 @@
 Name:          @PACKAGE@ 
 URL:           http://www.novell.com/products
 BuildRequires:  gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 xml-commons-apis
-BuildRequires:  java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils
+BuildRequires:  java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel
 %define prefix /usr
 License:       LGPL
 Group:         Applications/System
@@ -30,7 +30,7 @@ Summary:       Novell CASA Authentication Token Service
 Source:        %{name}-%{version}.tar.bz2
 BuildRoot:     %{_tmppath}/%{name}-%{version}-build
 Requires:      jre >= 1.5.0
-Requires:      servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2
+Requires:      servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA
 PreReq:        %fillup_prereq %insserv_prereq
 PreReq:        /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
 PreReq:        /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@@ -221,7 +221,8 @@ fi

 user_present=`getent passwd | grep ^casaatsd`
 if [ -z "$user_present" ] ; then
-        /usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
+#        /usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
+        /usr/sbin/useradd -c "casaatsd System User" -s /bin/bash -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
 fi


--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
@@ -18,7 +18,7 @@
 Name:          @PACKAGE@ 
 URL:           http://www.novell.com/products
 BuildRequires:  gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 jdk novell-zenworks-java-links xml-commons-apis
-BuildRequires:  java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils
+BuildRequires:  java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel
 %define prefix /usr
 License:       LGPL
 Group:         Applications/System
@@ -30,7 +30,7 @@ Summary:       Novell CASA Authentication Token Service
 Source:        %{name}-%{version}.tar.bz2
 BuildRoot:     %{_tmppath}/%{name}-%{version}-build
 Requires:      jre >= 1.5.0
-Requires:      novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2
+Requires:      novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA
 PreReq:        %fillup_prereq %insserv_prereq
 PreReq:        /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
 PreReq:        /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@@ -221,7 +221,8 @@ fi

 user_present=`getent passwd | grep ^casaatsd`
 if [ -z "$user_present" ] ; then
-        /usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
+#        /usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
+        /usr/sbin/useradd -c "casaatsd System User" -s /bin/bash -r -d /var/lib/CASA/authtoken/svc -g casaauth casaatsd 2> /dev/null || :
 fi