[Pacemaker] Remote Access not Working
Yan Gao
ygao at novell.com
Mon Dec 14 02:33:26 EST 2009
Hi,
Andrew Beekhof wrote:
> On Thu, Nov 12, 2009 at 4:46 PM, Colin <colin.hch at gmail.com> wrote:
>> On Thu, Nov 12, 2009 at 3:36 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>>
>> 1) In cib/remote.c, the function check_group_membership() only checks
>> whether the user is explicitly listed as member of the group in
>> /etc/group, but does not accept the user if only the users's primary
>> group in /etc/passwd is set to the correct group (and the explicit,
>> then redundant, membership in /etc/group is missing).
>
> Agreed. Seems to be a PAM thing that I can't do much about though.
I think it should check whether the user's primary group is "haclient"
first, then determine whether he's listed in the group members.
Attached the patch for resolving this.
Thanks,
Yan
--
ygao at novell.com
Software Engineer
China Server Team, OPS Engineering
Novell, Inc.
Making IT Work As One™
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pacemaker-cib-primary-group.diff
Type: text/x-patch
Size: 922 bytes
Desc: not available
URL: <http://oss.clusterlabs.org/pipermail/pacemaker/attachments/20091214/1a66aa80/attachment.diff>
More information about the Pacemaker
mailing list