You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@uima.apache.org by "Lou DeGenaro (JIRA)" <de...@uima.apache.org> on 2016/10/21 20:56:58 UTC
[jira] [Commented] (UIMA-5114) DUCC Web Server (WS) needs better
user validation for login
[ https://issues.apache.org/jira/browse/UIMA-5114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15596348#comment-15596348 ]
Lou DeGenaro commented on UIMA-5114:
------------------------------------
Two bugs.
1. CmdId runnit() does not include userid on the command line
2. DuccHandlerUserAuthentication.handleDuccServletLogin() does not separate userid@domain soon enough
> DUCC Web Server (WS) needs better user validation for login
> -----------------------------------------------------------
>
> Key: UIMA-5114
> URL: https://issues.apache.org/jira/browse/UIMA-5114
> Project: UIMA
> Issue Type: Bug
> Components: DUCC
> Reporter: Lou DeGenaro
> Assignee: Lou DeGenaro
> Fix For: 2.2.0-Ducc
>
>
> A user is able to login to ducc (via ldap) as first.last. But the actual linux userid is First.Last, and when ducc_ling tries to employ first.last the switch-to-user fails.
> WS could employ the command "/usr/bin/id first.last" to validate the userid before delegating to ldap.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)