Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-661

Remove broken macauthorization provider from core types

    Details

    • CS Priority:
      Reviewed

      Description

      Update 12/22: Based on comments from Allister and Nigel this should be removed from core types. That may need to wait until Puppet 5 for semver reasons.

      In OS X 10.9, `/etc/authorization` has been "deprecated"; as of the GM, the update will move `/etc/authorization` to `/etc/authorization.deprecated`.

      There is now `/System/Library/Security/authorization.plist` but it seems to just be the defaults; changing a right with the `security authorizationdb` command doesn't change that file, but instead updates a sqlite db at `/var/db/auth.db`.

      I did some quick testing, and just changing `AuthDB` in `puppet/provider/macauthorization/macauthorization.rb` isn't enough because the provider reads the plist to determine current state, but in the 10.9 world the current state is reflected in the `auth.db` file (or the output of `security authorizationdb` commands) so even when a right change is applied, puppet doesn't know.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  redmine.exporter redmine.exporter
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: