Bug #9539
closed
HA: admin user's authorized key(s) won't get synced
0%
Description
Follow up from the forums: https://forum.netgate.com/topic/143452/admin-user-not-fully-synced/3
We had that tested on three HA-CARP-Cluster setups and all three showed the same behavior:
- new users are synced master->standby
- changing a new user's authorized_keys field syncs to standby
- changing the admin user's authkeys (just typing in some letters or pasting a whole key) won't sync to the standby system, the field stays empty
Greets
Jens
Updated by James Webb over 5 years ago
This is to do with how users are synced in /usr/local/www/xmlrpc.php
In this file one will find:
else if ($user['uid'] < 2000) {
$u2keep[] = $idx;
} else if ($user != $local_users[$idx]) {
$u2add[] = $user;
$u2del[] = $user;
$u2del_idx[] = $idx;
}
An admin has a uid below 2000, whilst regular users are 2000+. Thus, one will find that the admin user is never updated due to the special case. I will fix this and submit a PR to GitHub soon.
JW
Updated by James Webb over 5 years ago
Discussion ongoing in PR 4068 - https://github.com/pfsense/pfsense/pull/4068
Updated by Jim Pingle about 5 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho about 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- Target version set to 2.5.0
PR https://github.com/pfsense/pfsense/pull/4221 was merged and should fix this
Updated by Max Leighton about 4 years ago
- Status changed from Feedback to Resolved
Tested in
2.5.0-DEVELOPMENT (amd64)
built on Thu Oct 15 07:04:11 EDT 2020
FreeBSD 12.2-STABLE
With the Synchronize admin option checked in System>High Availability Sync, changes to the admin user sync as expected including Authorized SSH Keys.
Marking this ticket resolved.
Updated by Jim Pingle about 4 years ago
- Category changed from User Manager / Privileges to XMLRPC