Skip to Content.
Sympa Menu

en - [sympa-users] Problem with Generic SSO + e-mail verification after upgrade 5.4.7 -> 6.0.3

Subject: The mailing list for listmasters using Sympa

List archive

[sympa-users] Problem with Generic SSO + e-mail verification after upgrade 5.4.7 -> 6.0.3

Chronological Thread  
    < Chronological >       < Thread >
  • From: "Eric G. Wolfe" <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: [sympa-users] Problem with Generic SSO + e-mail verification after upgrade 5.4.7 -> 6.0.3
  • Date: Fri, 04 Jun 2010 21:57:22 -0400
I've been testing out the upgrade process from 5.4.7 to 6.0.3 before putting this into production, and have run into what appears to be a major snag.

With Sympa 5.4.7, our organization used Generic SSO (mod_auth_kerb) and e-mail verification for netidmap purposes. It is my understanding that this will insert the necessary netidmap_table entries associating a logon username (netid_netidmap in the schema) with an e-mail address (email_netidmap in the schema). So I tested the e-mail verification process while updating our web_tt2 templates. I removed myself from the netidmap_table and user_table, then went through the e-mail verification process again. This has always worked in the past as a quick test, but this time I get "ERROR () - Provided password is incorrect ERROR (sso_login) - Authentication failed".

The configuration for mod_auth_kerb is working on the test server. Anyone that is already present in the netidmap_table is successfully mapped to the correct e-mail address, after logging in to the Apache Kerberos authentication module.

So the problem is getting new users verified, and added to the netidmap_table. I have restored from a backup and went through the upgrade a second time to confirm the issue. Was wondering if anyone has encountered something similar, before I file a bug report?

Here are the relevant configs from Apache for mod_auth_kerb single-sign on.

# Excerpt from etc/httpd/conf.d/sympa.conf
# Load authentication modules
LoadModule auth_kerb_module modules/mod_auth_kerb.so

<Location /sympa/sso_login/munet>
AuthType Kerberos
AuthName MUnet
KrbMethodNegotiate Off
Krb5KeyTab /etc/krb5.keytab
KrbAuthRealms MARSHALL.EDU SOM.MARSHALL.EDU
KrbVerifyKDC On
KrbSaveCredentials On
Require valid-user
</Location>
# End sympa.conf

# sympa/etc/auth.conf
generic_sso
service_name Login with MUnet ID
service_id munet
netid_http_header REMOTE_USER
internal_email_by_netid 1
force_email_verify 1

user_table
regexp .*
# end auth.conf


--
Eric G. Wolfe
Senior Linux Administrator,
IT Infrastructure Systems
--------------------------------------
Marshall University Computing Services
Drinko Library 428-K
One John Marshall Dr.
Huntington, WV 25755
Phone: 304.696.3428
Email: address@concealed

This fortune is false.


  • [sympa-users] Problem with Generic SSO + e-mail verification after upgrade 5.4.7 -> 6.0.3, Eric G. Wolfe, 06/05/2010

Archive powered by MHonArc 2.6.19+.

Top of Page