svn path=/trunk/packages/invirt-web/; revision=1947
pass
def getAfsGroupMembers(group, cell):
pass
def getAfsGroupMembers(group, cell):
- p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell],
+ p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
err = p.stderr.read()
if err: #Error code doesn't reveal missing groups, but stderr does
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
err = p.stderr.read()
if err: #Error code doesn't reveal missing groups, but stderr does
# may differ dev/prod?
files/etc/apache2/sites-available/default: assumes trac
files/etc/init.d/apache2.invirt: afs cell (for svn)
# may differ dev/prod?
files/etc/apache2/sites-available/default: assumes trac
files/etc/init.d/apache2.invirt: afs cell (for svn)
+invirt-cache-acls: aklog athena sipb
code/templates/error.tmpl: xvm@mit.edu
code/templates/help.tmpl: assumes trac
code/templates/list.tmpl: XVM
code/templates/error.tmpl: xvm@mit.edu
code/templates/help.tmpl: assumes trac
code/templates/list.tmpl: XVM
invirt-web (0.0.16) unstable; urgency=low
invirt-web (0.0.16) unstable; urgency=low
+ * Fix a security vulnerability: traditional `pts mem` is in cleartext
+ and could be spoofed. Use new -encrypt option, which needs tokens.
+
* make initscript stop command not leave apache2 processes lying around
(so that restart works)
* make initscript stop command not leave apache2 processes lying around
(so that restart works)
- -- Greg Price <price@mit.edu> Fri, 19 Dec 2008 22:34:31 -0500
+ -- Greg Price <price@mit.edu> Tue, 30 Dec 2008 17:31:48 -0500
invirt-web (0.0.15) unstable; urgency=low
invirt-web (0.0.15) unstable; urgency=low
-*/5 * * * * www-data python /var/www/invirt-web/cache_acls.py
+*/5 * * * * www-data invirt-cache-acls
+invirt-cache-acls /usr/bin/
--- /dev/null
+#!/bin/sh
+kinit -k -t /etc/invirt/keytab daemon/$(hostname -f)
+aklog athena sipb
+python /var/www/invirt-web/cache_acls.py