[Pacemaker] Remote Access not Working

Andrew Beekhof andrew at beekhof.net
Mon Dec 14 08:01:35 UTC 2009


On Mon, Dec 14, 2009 at 8:33 AM, Yan Gao <ygao at novell.com> wrote:
> Hi,
>
> Andrew Beekhof wrote:
>> On Thu, Nov 12, 2009 at 4:46 PM, Colin <colin.hch at gmail.com> wrote:
>>> On Thu, Nov 12, 2009 at 3:36 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>>>
>>> 1) In cib/remote.c, the function check_group_membership() only checks
>>> whether the user is explicitly listed as member of the group in
>>> /etc/group, but does not accept the user if only the users's primary
>>> group in /etc/passwd is set to the correct group (and the explicit,
>>> then redundant, membership in /etc/group is missing).
>>
>> Agreed.  Seems to be a PAM thing that I can't do much about though.
> I think it should check whether the user's primary group is "haclient"
> first, then determine whether he's listed in the group members.
> Attached the patch for resolving this.

Nice!




More information about the Pacemaker mailing list