Bug #9539
closed
HA: admin user's authorized key(s) won't get synced
Added by Jens Groh over 5 years ago.
Updated about 4 years ago.
Description
Follow up from the forums: https://forum.netgate.com/topic/143452/admin-user-not-fully-synced/3
We had that tested on three HA-CARP-Cluster setups and all three showed the same behavior:
- new users are synced master->standby
- changing a new user's authorized_keys field syncs to standby
- changing the admin user's authkeys (just typing in some letters or pasting a whole key) won't sync to the standby system, the field stays empty
Greets
Jens
This is to do with how users are synced in /usr/local/www/xmlrpc.php
In this file one will find:
else if ($user['uid'] < 2000) {
$u2keep[] = $idx;
} else if ($user != $local_users[$idx]) {
$u2add[] = $user;
$u2del[] = $user;
$u2del_idx[] = $idx;
}
An admin has a uid below 2000, whilst regular users are 2000+. Thus, one will find that the admin user is never updated due to the special case. I will fix this and submit a PR to GitHub soon.
JW
Fixing this may also fix #9622
- Status changed from New to Pull Request Review
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- Target version set to 2.5.0
- Status changed from Feedback to Resolved
Tested in
2.5.0-DEVELOPMENT (amd64)
built on Thu Oct 15 07:04:11 EDT 2020
FreeBSD 12.2-STABLE
With the Synchronize admin option checked in System>High Availability Sync, changes to the admin user sync as expected including Authorized SSH Keys.
Marking this ticket resolved.
- Category changed from User Manager / Privileges to XMLRPC
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by