You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@uima.apache.org by "Lou DeGenaro (JIRA)" <de...@uima.apache.org> on 2016/10/21 20:56:58 UTC

[jira] [Commented] (UIMA-5114) DUCC Web Server (WS) needs better user validation for login

    [ https://issues.apache.org/jira/browse/UIMA-5114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15596348#comment-15596348 ] 

Lou DeGenaro commented on UIMA-5114:
------------------------------------

Two bugs.

1. CmdId runnit() does not include userid on the command line
2. DuccHandlerUserAuthentication.handleDuccServletLogin() does not separate userid@domain soon enough

> DUCC Web Server (WS) needs better user validation for login
> -----------------------------------------------------------
>
>                 Key: UIMA-5114
>                 URL: https://issues.apache.org/jira/browse/UIMA-5114
>             Project: UIMA
>          Issue Type: Bug
>          Components: DUCC
>            Reporter: Lou DeGenaro
>            Assignee: Lou DeGenaro
>             Fix For: 2.2.0-Ducc
>
>
> A user is able to login to ducc (via ldap) as first.last.  But the actual linux userid is First.Last, and when ducc_ling tries to employ first.last the switch-to-user fails.
> WS could employ the command "/usr/bin/id first.last" to validate the userid before delegating to ldap.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)