Koha/etc at 8f436a50759ae4ca64f85ac5035a933a6d094e3f - Koha-community/Koha - Koha: The world's first free and open source library system

History

Mason James f2196a2e4f Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default to test bug... 1/ make a random user 2/ change to random user 3/ access any zebra database with random user and no authentication 4/ read zebra database here is a transcript of the bug... --------------------------- root@xen1:~# adduser bob root@xen1:~# su -l bob bob@xen1:~$ cd /var/lib/koha bob@xen1:/var/lib/koha$ ls topsecret bob@xen1:/var/lib/koha$ yaz-client unix:/var/run/koha/topsecret/bibliosocket Connecting...OK. Sent initrequest. Connection accepted by v3 target. ID : 81 Name : Zebra Information Server/GFS/YAZ Version: 4.2.30 98864b44c654645bc16b2c54f822dc2e45a93031 Options: search present delSet triggerResourceCtrl scan sort extendedServices namedResultSets Elapsed: 0.001002 Z> base biblios; Z> find the Sent searchRequest. Received SearchResponse. Search was a success. Number of hits: 1130, setno 2 SearchResult-1: term=the cnt=1130 records returned: 0 Elapsed: 0.005518 Z> show Sent presentRequest (1+1). Records: 1 [biblios]Record type: USmarc 01824cam a2200397 a 4500 001 000045782309 003 AuCNLKIN 005 20111013213222.0 008 100707s2011 maua 001 0 e ... --------------------------- 5/ apply changes to a Koha instance's config files, that you plan to test 6/ restart zebra for instance # sudo koha-restart-zebra topsecret 7/ repeat steps 2 and 3, but receive a 'bad user/passwd ' error from zebra bob@xen1:~$ yaz-client unix:/var/run/koha/topsecret/bibliosocket Connecting...OK. Sent initrequest. Connection rejected by v3 target. 1: code=1011 (Init/AC: Bad Userid and/or Password), NOTE: this patch currently will only fixes newly created instances, it wont fix existing instances Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Good catch Mason Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>		2016-10-10 12:20:12 +00:00
..
pazpar2
searchengine
zebradb	Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default	2016-10-10 12:20:12 +00:00
koha-conf.xml	Bug 17332: Include memcached configuration in koha-conf files	2016-09-25 13:06:35 +00:00
koha-httpd.conf	Bug 17332: Remove memcached config from apache files	2016-09-25 13:06:36 +00:00
log4perl.conf
README.txt
SIPconfig.xml	Bug 17228 - Fix whitespace in etc/SIPconfig.xml	2016-09-02 15:48:14 +00:00

README.txt

Koha Configuration Files:

The following files specify the base configuration for Koha ZOOM:

 * koha-httpd.conf  
In a debian system, this apache configuration file will be symlinked
from /etc/apache2/sites-enabled
Specify Koha's IP address with NameVirtualHost
Set ServerName, etc

 * koha-production.xml  
 * koha-testing.xml 
These are the production and testing configurations for zebrasrv and for Koha.
The first part of each file specifies Zebra server names, indexing configuration files,
and query language configurations.  Koha configuration directives follow. 

 * zebra-authorities.cfg  
 * zebra-biblios.cfg