[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates

Jan Pazdziora jpazdziora at redhat.com
Mon Jan 16 12:15:13 UTC 2012 

On Tue, Jan 10, 2012 at 02:13:40PM -0500, Scott Worthington wrote:
> On Tuesday, January 10, 2012 10:33:54 AM, Jan Pazdziora wrote:
> 
> [...]
> 
> > The error is
> >
> > 	[error] acl fail: user_role(org_admin); system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy); child_channel_candidate(rhn-proxy) at /usr/lib/perl5/vendor_perl/5.8.8/PXT/ApacheAuth.pm line 141.
> >
> > in /var/log/httpd/error_log.
> >
> > Mirek, can you investigate?
> >
> >> Since the Spacewalk Proxy successfully activated to Spacewalk, I
> >> assumed all was go.
> >
> > Yes, your Proxy should be good to go, you just won't be able to see it
> > on the WebUI.
> >
> >> Any idea where else I should look to find out why I am getting a
> >> permission error?
> >
> > It's a .pxt page, so under /var/log/httpd.
> 
> Yes, just as you said, I found the errors  the /var/log/httpd/error_log 
> as:
> 
> acl fail: user_role(org_admin); system_feature(ftr_proxy_capable); 
> org_channel_family(rhn-prdidate(rhn-proxy) at 
> /usr/share/perl5/vendor_perl/PXT/ApacheAuth.pm line 141

Could you please apply the following patch to
/etc/httpd/conf.d/zz-spacewalk-www.conf, restart httpd and see
if it fixes the problem for you?

diff --git a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
index cde64a3..33fcaeb 100644
--- a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
+++ b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
@@ -161,7 +161,7 @@ PerlModule PXT::ApacheAuth
 	<Files proxy.pxt>
 		ForceType text/pxt
 		SetHandler perl-script
-		require acl mixin RHN::Access::System user_role(org_admin); system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy); child_channel_candidate(rhn-proxy)
+		require acl mixin RHN::Access::System user_role(org_admin); system_feature(ftr_proxy_capable) or system_is_proxy(); org_channel_family(rhn-proxy) or system_is_proxy(); child_channel_candidate(rhn-proxy) or system_is_proxy()
 	</Files>
 
 	<Files activation.pxt>

-- 
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat

More information about the Spacewalk-list mailing list