uima-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lou DeGenaro (JIRA)" <...@uima.apache.org>
Subject [jira] [Commented] (UIMA-5114) DUCC Web Server (WS) needs better user validation for login
Date Fri, 21 Oct 2016 20:56:58 GMT

    [ https://issues.apache.org/jira/browse/UIMA-5114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15596348#comment-15596348

Lou DeGenaro commented on UIMA-5114:

Two bugs.

1. CmdId runnit() does not include userid on the command line
2. DuccHandlerUserAuthentication.handleDuccServletLogin() does not separate userid@domain
soon enough

> DUCC Web Server (WS) needs better user validation for login
> -----------------------------------------------------------
>                 Key: UIMA-5114
>                 URL: https://issues.apache.org/jira/browse/UIMA-5114
>             Project: UIMA
>          Issue Type: Bug
>          Components: DUCC
>            Reporter: Lou DeGenaro
>            Assignee: Lou DeGenaro
>             Fix For: 2.2.0-Ducc
> A user is able to login to ducc (via ldap) as first.last.  But the actual linux userid
is First.Last, and when ducc_ling tries to employ first.last the switch-to-user fails.
> WS could employ the command "/usr/bin/id first.last" to validate the userid before delegating
to ldap.

This message was sent by Atlassian JIRA

View raw message