never set REMOTE_USER to the value of SSL_CLIENT_S_DN_CN #360
Conversation
evgeni
force-pushed
the
no-dn-user
branch
2 times, most recently
from
fe43bd0 to
0f8aa21
Compare
evgeni
force-pushed
the
no-dn-user
branch
2 times, most recently
from
aa3490e to
b2d793a
Compare
|
Do I want to know why this fails everywhere but CS9?! |
We used to, and when we introduced the current method we had to keep the old configuration around for compatibility due to N-1 Capsules. |
But wasn't this for Pulp2 stuff only? At least that's how decipher https://projects.theforeman.org/issues/35004. Anyway. Old enough to be dropped. |
^ this |
evgeni
force-pushed
the
no-dn-user
branch
2 times, most recently
from
261ab13 to
2cba4e9
Compare
evgeni
force-pushed
the
no-dn-user
branch
3 times, most recently
from
5bc30b7 to
7b5f0c2
Compare
evgeni
force-pushed
the
no-dn-user
branch
2 times, most recently
from
03769ef to
ddfa49f
Compare
| pulpcore::apache_https_cert: '/etc/pulpcore-certs/ca-cert.pem' | ||
| pulpcore::apache_https_key: '/etc/pulpcore-certs/ca-key.pem' | ||
| pulpcore::apache_https_cert: '/etc/pulpcore-certs/client-cert.pem' | ||
| pulpcore::apache_https_key: '/etc/pulpcore-certs/client-key.pem' |
There was a problem hiding this comment.
neither is truly right, but I was too lazy to crate a server-*.pem.
|
If y'all think it's beneficial, I could split out the setup changes into an own PR (and add a dedicated server-cert), and then this would/could be reduced to the original "drop the CN=admin handling"? |
We only deploy a single user in Pulp: admin And we do not give out certs with CN=admin, so there is no point in trying to obtain the REMOTE_USER from the CN.
We only deploy a single user in Pulp: admin
And we do not give out certs with CN=admin, so there is no point in trying to obtain the REMOTE_USER from the CN.