Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-4741

authentication configuration page still uses "profiles" table

    XMLWordPrintable

Details

    • Incident report
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.0.0rc1
    • 2.0.2rc1, 2.1.0
    • Frontend (F)
    • None

    Description

      We are considering Administration -> Authentication page.
      As we know in the 1.8 frontend if an user selects any value of "Default authentication" it is preserved in the "profiles" table.
      Then this value will be shown when the user visits the page, disregarding on fact that actual authentication stored in a "config" table and it can be different (yes, I know about an visible checkbox).

      A value stored in the profiles table:
      mysql> SELECT userid, idx, value_int FROM `profiles` WHERE `idx` LIKE '%authentication%';
      ------------------------------------------

      userid idx value_int

      ------------------------------------------

      1 web.authentication.config 0

      ------------------------------------------

      Where "value_int" it's last time selected authentication_type:
      0 - internal (authenticated by Zabbix)
      1 - External LDAP
      2 - External HTTP

      A scenario:
      1. Suppose a zabbix super admin using 1.8.x frontend once has selected HTTP (or LDAP is similar example) authentication and left it (without saving changes).
      2. He has upgraded to 2.0 version.
      3. Once it opened the Administration -> Authentication page (using 2.0 frontend already).
      4. He will see that "HTTP" radio-button will be highlighted which should mean the HTTP default authentication, but he knows that actually "Internal" should be highlighted.
      5. He clicks on "Internal" button and will see that Save button is not "clickable" (not active).
      My guess - the Save button is not active because in the "config" table the current "Internal" auth already defined.

      So it's bad behavior which can mislead users.

      To solve this case I'm suggesting to not use "profiles" table to store the "idx=web.authentication.config" record at all but use only "config" table to show actual current default authentication method.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              zalex_ua Oleksii Zagorskyi
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: