Zikula AuthFAS issues possibly resolved

David Nalley david at gnsa.us
Fri Sep 11 03:01:21 UTC 2009


So, a quick paste of the conversation that Simon and I had while working
to fix the fasauth issues. It appears to work now - some additional
non-log commentary below as well.

22:25 < ke4qqq> itbegins: ping
22:25 < itbegins> ke4qqq: Hi
22:25 < ke4qqq> hi
22:26 < ke4qqq> so do you have a minute to talk about fasauth
22:26 < itbegins> ke4qqq: Yep...
22:26 < ke4qqq> so....it doesn't work
22:26 < itbegins> I realise everyone has been running around looking for me...
22:26 < ke4qqq> and that's with the latest code that is in git
22:26 < itbegins> ke4qqq: Yes, so the immediate thing that springs to
mind is this:
22:26 < itbegins> ke4qqq: It requires that the file in
modules/AuthFas/config gets moved to the config directory
22:27  * ke4qqq goes to look
22:27 < G_work> mmcgrath: smolt related could prob extend your latest
commit to also do that for OEM/Unknown
22:27 < G_work> mmcgrath: ASUS is another one it seems
22:28 < ke4qqq> so that's just a packaging issue then - does it keep
personal_config.php name?? seems like a namespace collision would
happen there
22:29 < itbegins> ke4qqq: So, this is the file that defines where to
look for FAS
22:29 < ke4qqq> right
22:30 < itbegins> ke4qqq: In theory, it can overwrite a file of the same name
22:30 < itbegins> ke4qqq: especially if we run multiple zikula
instances from one file system
22:30 < ke4qqq> but if it's tossed into zikulas config dir how do you
guarantee that no other module will use that name
22:30 < G_work> mmcgrath: hmmm and no one has registered a 96 core
machine to Smolt? that's not on :)
22:31 < itbegins> ke4qqq: Really, personal_config.php should be puppetized
22:31 < itbegins> ke4qqq: It should contain the DB details, and the
FAS details, for any production Zikula instances we have
22:32 < ke4qqq> so I understand that - but my question is around what
happens when some other module is introduced that wants to use
personal_config.php as a config file name
22:32 < ke4qqq> or perhaps I am just being dense and not getting it
22:32 < ke4qqq> anyone care if I condrestart httpd on pt6?
22:33 < itbegins> ke4qqq: So, personal_config.php is a developer-aimed file
22:34 < itbegins> ke4qqq: No modules should write to that file, I'm
just using it because I have knowledge of Zikula internals and I know
it works in our situation
22:34 < itbegins> ke4qqq: And, following discussions with abadger1999
it's better to have the FAS URL in a file than, for example, in the db
22:35 < ke4qqq> ahhhhh what should it be going forward? for instance
$modulename_config.php ??
22:37 < itbegins> ke4qqq: So, personal_config.php is included by the
Zikula config.php to allow developers to override configuration
settings and avoid accidentally committing the overrides to source
control.
22:37 < itbegins> ke4qqq: In our case, we'll use it to switch database
details dependent on the domain (so different details for docs. than
fedora insight)
22:38 < ke4qqq> ahhhh cool
22:38 < itbegins> ke4qqq: And we'll also use this file to define
fedora-specific "configuration details"
22:38 < ke4qqq> can you poof me as a cmsadmin in fas test
22:38 < itbegins> ke4qqq: In general, we encourage developers to make
their module details configurable by the admin interface (And thus
stored in the database)
22:39 < itbegins> ke4qqq: But, for example, if an SQL injection is
discovered we don't want a hacker changing the FAS URL so they can
harvest passwords
22:39 < itbegins> ke4qqq: So we're borrowing the config file to hard
code the FAS URL
22:39 < itbegins> ke4qqq: And in reply to the admin, sure, if I can find my pw
22:40 < ke4qqq> ok - I understand now
22:41 < itbegins> ke4qqq: approved :)
22:42 < ke4qqq> cool !!! and it appears to work
22:42 < ke4qqq> awesome
22:43 < ke4qqq> so since the 'thought' is that fas auth is going to go
public - should we keep that file in the module configdir and just add
a readme that notes where it goes (I don't want to overwrite someone's
devel config by putting it there in the package)
22:44 < itbegins> ke4qqq: Yeah, I think so - the documentation at the
moment consists of the CVS commit :)
22:44 < itbegins> ke4qqq: Correction, the git commit :)
22:45 < ke4qqq> ok - I'll add a readme file in the next day or so.
22:45 < jds2001> ke4qqq: that's what %config(noreplace) is for :)
22:47 < ke4qqq> jds2001: ohhhh yeah - good idea. *slaps forehead*
22:49 < ke4qqq> itbegins: thanks for the help - I think it's working
properly now. - I'll post the log of this shortly



There was a personal_config.php file (and it may soon be overwritten
by puppet) in zikula's config dir. The files were different, but when
I diffed them, all I saw was:
[ke4qqq at publictest6 config]$ diff personal_config.php opc.hph
14c14
< $FedConfig['FAS']['SSL_VERIFY'] = false;
\ No newline at end of file
---
> $FedConfig['FAS']['SSL_VERIFY'] = false;


Perhaps someone else resolved this issue and it was already working
(the ticket in marketing didn't indicate so, so I assumed it was still
broken and when I saw itbegins on I decided to tackle him and work on
the issue.)

