| Summary: | service krb5kdc start unable to get default realm | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Nikolai Kondrashov <nikolai.kondrashov> | ||||
| Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Patrik Kis <pkis> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.5 | CC: | dpal, jplans, pkis, rmainz | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | krb5-1.10.3-20.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Cause: The init script which launches the KDC runs a diagnostic helper first, attempting to diagnose a common upgrade-related error. When there is no default realm configured in /etc/krb5.conf, even if a realm name is set in /etc/sysconfig/krb5kdc, the helper would fail.
Consequence: The attempt to start the KDC would fail.
Fix: A realm set in the /etc/sysconfig/krb5kdc configuration file is also explicitly passed to the helper on its command line.
Result: This error no longer occurs.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-10-14 08:10:28 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1061410 | ||||||
| Attachments: |
|
||||||
Created attachment 799313 [details]
0001-Specify-realm-to-kdb_check_weak-when-defined.patch
The attached patch fixes the problem.
Thanks for spotting this! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2014-1389.html |
Description of problem: When default realm is set only in /etc/sysconfig/krb5kdc, but neither in DNS nor in /etc/krb5.conf, /etc/init.d/krb5kdc produces the following error message: Error getting default realm: Configuration file does not specify default realm. This message is being output by kdb_check_weak, which is not supplied the configured realm (contrary to krb5kdc itself). Version-Release number of selected component (if applicable): krb5-server-1.10.3-10.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Specify default realm in /etc/sysconfig/krb5kdc 2. Make sure default realm is specified neither in DNS nor in /etc/krb5.conf 3. Execute "service krb5kdc restart" Actual results: Stopping Kerberos 5 KDC: [ OK ] Error getting default realm: Configuration file does not specify default realm. Starting Kerberos 5 KDC: [ OK ] Expected results: Stopping Kerberos 5 KDC: [ OK ] Starting Kerberos 5 KDC: [ OK ]