Univention Bugzilla – Attachment 9670 Details for
Bug 47781
Define cronjob for server password change via UCR
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Add UCRV server/password/cron
0001-Bug-47781-Make-time-for-password-change-check-config.patch (text/plain), 7.84 KB, created by
Philipp Hahn
on 2018-09-11 15:15:21 CEST
(
hide
)
Description:
Add UCRV server/password/cron
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2018-09-11 15:15:21 CEST
Size:
7.84 KB
patch
obsolete
>From 26d73164fda350f8853f393a806a1accf90c1844 Mon Sep 17 00:00:00 2001 >Message-Id: <26d73164fda350f8853f393a806a1accf90c1844.1536671687.git.hahn@univention.de> >From: Philipp Hahn <hahn@univention.de> >Date: Tue, 11 Sep 2018 15:10:43 +0200 >Subject: [PATCH] Bug #47781: Make time for password change check configurable >Organization: Univention GmbH, Bremen, Germany > >--- > .../conffiles/etc/cron.d/univention-server-backup | 2 +- > .../conffiles/etc/cron.d/univention-server-master | 2 +- > .../conffiles/etc/cron.d/univention-server-member | 2 +- > .../conffiles/etc/cron.d/univention-server-slave | 2 +- > base/univention-server/debian/changelog | 6 ++++++ > ...-role-server-common.univention-config-registry-variables | 6 ++++++ > .../debian/univention-server-backup.postinst | 1 + > .../debian/univention-server-master.postinst | 1 + > .../debian/univention-server-member.postinst | 1 + > .../debian/univention-server-slave.postinst | 1 + > doc/errata/staging/univention-server.yaml | 13 +++++++++++++ > 11 files changed, 33 insertions(+), 4 deletions(-) > create mode 100644 doc/errata/staging/univention-server.yaml > >diff --git a/base/univention-server/conffiles/etc/cron.d/univention-server-backup b/base/univention-server/conffiles/etc/cron.d/univention-server-backup >index 562a639887..2ce8c456c9 100644 >--- a/base/univention-server/conffiles/etc/cron.d/univention-server-backup >+++ b/base/univention-server/conffiles/etc/cron.d/univention-server-backup >@@ -1,4 +1,4 @@ > @%@UCRWARNING=# @%@ > > PATH=/usr/sbin:/usr/bin:/sbin:/bin >- 0 1 * * * root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >+@%@server/password/cron@%@ root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >diff --git a/base/univention-server/conffiles/etc/cron.d/univention-server-master b/base/univention-server/conffiles/etc/cron.d/univention-server-master >index 562a639887..2ce8c456c9 100644 >--- a/base/univention-server/conffiles/etc/cron.d/univention-server-master >+++ b/base/univention-server/conffiles/etc/cron.d/univention-server-master >@@ -1,4 +1,4 @@ > @%@UCRWARNING=# @%@ > > PATH=/usr/sbin:/usr/bin:/sbin:/bin >- 0 1 * * * root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >+@%@server/password/cron@%@ root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >diff --git a/base/univention-server/conffiles/etc/cron.d/univention-server-member b/base/univention-server/conffiles/etc/cron.d/univention-server-member >index 562a639887..2ce8c456c9 100644 >--- a/base/univention-server/conffiles/etc/cron.d/univention-server-member >+++ b/base/univention-server/conffiles/etc/cron.d/univention-server-member >@@ -1,4 +1,4 @@ > @%@UCRWARNING=# @%@ > > PATH=/usr/sbin:/usr/bin:/sbin:/bin >- 0 1 * * * root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >+@%@server/password/cron@%@ root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >diff --git a/base/univention-server/conffiles/etc/cron.d/univention-server-slave b/base/univention-server/conffiles/etc/cron.d/univention-server-slave >index 562a639887..2ce8c456c9 100644 >--- a/base/univention-server/conffiles/etc/cron.d/univention-server-slave >+++ b/base/univention-server/conffiles/etc/cron.d/univention-server-slave >@@ -1,4 +1,4 @@ > @%@UCRWARNING=# @%@ > > PATH=/usr/sbin:/usr/bin:/sbin:/bin >- 0 1 * * * root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >+@%@server/password/cron@%@ root /usr/sbin/jitter 600 /usr/lib/univention-server/server_password_change >diff --git a/base/univention-server/debian/changelog b/base/univention-server/debian/changelog >index cc45e8640a..50559eeeed 100644 >--- a/base/univention-server/debian/changelog >+++ b/base/univention-server/debian/changelog >@@ -1,3 +1,9 @@ >+univention-server (13.0.0-7) unstable; urgency=low >+ >+ * Bug #47781: Make time for password change check configurable >+ >+ -- Philipp Hahn <hahn@univention.de> Tue, 11 Sep 2018 15:06:25 +0200 >+ > univention-server (13.0.0-6) unstable; urgency=low > > * Bug #47581: improved check when to trigger OX schema issue cleanup >diff --git a/base/univention-server/debian/univention-role-server-common.univention-config-registry-variables b/base/univention-server/debian/univention-role-server-common.univention-config-registry-variables >index 95bb506267..4ebe530911 100644 >--- a/base/univention-server/debian/univention-role-server-common.univention-config-registry-variables >+++ b/base/univention-server/debian/univention-role-server-common.univention-config-registry-variables >@@ -3,3 +3,9 @@ Description[de]=Das Password des Maschinenkontos (gespeichert in /etc/machine.se > Description[en]=The password of the machine account is renewed regularly. This variable configures the rotation interval in days. > Type=int > Categories=system-base >+ >+[server/password/cron] >+Description[de]=Das Zeitpunkt für die Ãbperprüfung des Maschinenkontos auf Erneuerung. Die Konfiguration erfolgt in Cron-Syntax, siehe 'man 5 crontab' >+Description[en]=The point in time for checking the machine account for renewal. The configuration is done in Cron syntax, see 'man 5 crontab'. >+Type=str >+Categories=service-ldap >diff --git a/base/univention-server/debian/univention-server-backup.postinst b/base/univention-server/debian/univention-server-backup.postinst >index 9aaf85720a..7179f99f21 100644 >--- a/base/univention-server/debian/univention-server-backup.postinst >+++ b/base/univention-server/debian/univention-server-backup.postinst >@@ -35,6 +35,7 @@ ldap/server/port?7389 > ldap/server/type?slave > server/password/interval?21 > server/role=domaincontroller_backup >+server/password/cron?0 1 * * * > __UCR__ > > mkdir -p /var/lib/samba/netlogon/scripts/ >diff --git a/base/univention-server/debian/univention-server-master.postinst b/base/univention-server/debian/univention-server-master.postinst >index 699df93fe7..1bc827b6a8 100644 >--- a/base/univention-server/debian/univention-server-master.postinst >+++ b/base/univention-server/debian/univention-server-master.postinst >@@ -38,6 +38,7 @@ ldap/server/port?7389 > ldap/server/type=master > server/password/interval?21 > server/role=domaincontroller_master >+server/password/cron?0 1 * * * > __UCR__ > > mkdir -p /var/lib/samba/netlogon/scripts/ >diff --git a/base/univention-server/debian/univention-server-member.postinst b/base/univention-server/debian/univention-server-member.postinst >index 8bf01d6787..ef97d9276d 100644 >--- a/base/univention-server/debian/univention-server-member.postinst >+++ b/base/univention-server/debian/univention-server-member.postinst >@@ -35,6 +35,7 @@ samba/share/home?no > samba/share/netlogon?no > server/password/interval?21 > server/role=memberserver >+server/password/cron?0 1 * * * > __UCR__ > > #DEBHELPER# >diff --git a/base/univention-server/debian/univention-server-slave.postinst b/base/univention-server/debian/univention-server-slave.postinst >index 6d80837d3f..3e93931cb7 100644 >--- a/base/univention-server/debian/univention-server-slave.postinst >+++ b/base/univention-server/debian/univention-server-slave.postinst >@@ -35,6 +35,7 @@ ldap/server/port?7389 > ldap/server/type?slave > server/password/interval?21 > server/role=domaincontroller_slave >+server/password/cron?0 1 * * * > __UCR__ > > #DEBHELPER# >diff --git a/doc/errata/staging/univention-server.yaml b/doc/errata/staging/univention-server.yaml >new file mode 100644 >index 0000000000..9a0fee8a4c >--- /dev/null >+++ b/doc/errata/staging/univention-server.yaml >@@ -0,0 +1,13 @@ >+product: ucs >+release: "4.3" >+version: [2] >+scope: ucs_4.3-0-errata4.3-2 >+src: univention-server >+fix: >+desc: | >+ This update addresses the following issue: >+ * The machine account password is changed by default every 21 days. That >+ check is by default performed nightly a 01:00 by a cron job. That point of >+ time can now be configured through the new UCRV variable >+ 'server/password/cron'. >+bug: [47781] >-- >2.11.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9670">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 47781
: 9670