Bug 1009389

Summary: service krb5kdc start unable to get default realm
Product: Red Hat Enterprise Linux 6 Reporter: Nikolai Kondrashov <nikolai.kondrashov>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Patrik Kis <pkis>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.5CC: dpal, jplans, pkis, rmainz
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: krb5-1.10.3-20.el6 Doc Type: Bug Fix
Doc Text:
Cause: The init script which launches the KDC runs a diagnostic helper first, attempting to diagnose a common upgrade-related error. When there is no default realm configured in /etc/krb5.conf, even if a realm name is set in /etc/sysconfig/krb5kdc, the helper would fail. Consequence: The attempt to start the KDC would fail. Fix: A realm set in the /etc/sysconfig/krb5kdc configuration file is also explicitly passed to the helper on its command line. Result: This error no longer occurs.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 08:10:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1061410    
Attachments:
Description Flags
0001-Specify-realm-to-kdb_check_weak-when-defined.patch none

Description Nikolai Kondrashov 2013-09-18 10:43:26 UTC 
Description of problem:
When default realm is set only in /etc/sysconfig/krb5kdc, but neither in DNS nor in /etc/krb5.conf, /etc/init.d/krb5kdc produces the following error message:

    Error getting default realm: Configuration file does not specify default realm.

This message is being output by kdb_check_weak, which is not supplied the configured realm (contrary to krb5kdc itself).

Version-Release number of selected component (if applicable):
krb5-server-1.10.3-10.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Specify default realm in /etc/sysconfig/krb5kdc
2. Make sure default realm is specified neither in DNS nor in /etc/krb5.conf
3. Execute "service krb5kdc restart"

Actual results:
Stopping Kerberos 5 KDC:                                   [  OK  ]
Error getting default realm: Configuration file does not specify default realm.
Starting Kerberos 5 KDC:                                   [  OK  ]

Expected results:
Stopping Kerberos 5 KDC:                                   [  OK  ]
Starting Kerberos 5 KDC:                                   [  OK  ]
Comment 1 Nikolai Kondrashov 2013-09-18 10:44:59 UTC 
Created attachment 799313 [details]
0001-Specify-realm-to-kdb_check_weak-when-defined.patch

The attached patch fixes the problem.
Comment 2 Nalin Dahyabhai 2013-09-18 15:06:27 UTC 
Thanks for spotting this!
Comment 6 errata-xmlrpc 2014-10-14 08:10:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-1389.html