Skip to Content.
Sympa Menu

en - [sympa-users] Sympa 5.4.3 generic_sso woes

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: "Eric G. Wolfe" <address@concealed>
  • To: address@concealed
  • Subject: [sympa-users] Sympa 5.4.3 generic_sso woes
  • Date: Wed, 22 Oct 2008 16:55:10 -0400

A few months ago, I tried updating Sympa 5.3.4 to 5.4.3, rather unsuccessfully. We are still running Sympa 5.3.4 in production without any major issues. We are using a generic_sso configuration in the auth.conf to authenticate with Kerberos using the Apache 2.2 mod_auth_kerb. So the Apache REMOTE_USER header/server variable is used to do a lookup from the netidmap_table and get the user's e-mail address.

So I can login just fine to Sympa 5.4.3. As soon as I click a link /sympa/pref, I get logged out, then I get a message "ERROR (pref) - You need to login". If I click the /sympa/serveradmin link, it is the same thing, "ERROR (serveradmin) - You need to login".

At first I thought it was a problem with a template. So I disabled all of our web templates, and I still get the same behaviour with the default web_tt2 templates. Then I thought it was a problem with the database schema. After all, I may have run a 'sympa.pl --upgrade' or two with only INSERT,SELECT,UPDATE,DELETE permissions on the database. Finally, I thought there may be a problem with the way we were running Apache, and it's sympa permissions.

So, finally I broke down and just built a new test Sympa server. I have a clean install of Sympa 5.4.3. I dropped the sympa database, and ran a rm -rf /home/sympa on the test server. I have installed Sympa from scratch; only have one user in my database; there are no customized web templates (tt2 files); the only thing that is really configured on this server is generic_sso authentication.

I can provide a debug log. I wasn't sure about the list policy about dumping long logs on the list, without asking first. If anyone has had a similar experience, or has been pulling their hair out, as much as I have, trying to troubleshoot this; then I would like to hear about it.

--
Eric G. Wolfe, IT Associate, Sr.
One John Marshall Drive
Marshall University, Drinko Library 428k
Huntington, WV 25755
Phone: 304.696.3428
Email: address@concealed

"You can't have filenames longer than 14 chars.
You can't even think about them!"
-- Larry Wall in Configure from the perl distribution




Archive powered by MHonArc 2.6.19+.

Top of Page