Bug 1063905

Summary: Move ipa-otpd socket directory
Product: Red Hat Enterprise Linux 7
Reporter: Martin Kosek <mkosek>
Component: krb5
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE
QA Contact: Patrik Kis <pkis>
Severity: medium
Priority: medium
Version: 7.0
CC: borgan, dpal, pkis, rcritten
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: krb5-1.11.3-46.el7
Doc Type: Bug Fix
Clone Of: 1063850
Last Closed: 2014-06-13 09:24:19 UTC
Bug Depends On: 1063850

Description Martin Kosek 2014-02-11 15:44:59 UTC
+++ This bug was initially created as a clone of Bug #1063850 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4167

Upstream has changed the default OTP socket search directory:
https://github.com/krb5/krb5/pull/45

This code will be available in 1.13 by default. We will probably update this change in krb5 1.12 (and maybe 1.11). FreeIPA will need to respect this default. And any update in krb5 which makes this change needs to be synchronized with FreeIPA.

Comment 1 Martin Kosek 2014-02-11 15:45:45 UTC
This Bugzilla is to track the krb5 change in 7.0.

Comment 2 Martin Kosek 2014-02-11 16:52:38 UTC
As discussed in a triage meeting, this Bugzilla shall be tested as sanity only. It is a forward looking precaution, to avoid this backwards incompatible change after 7.0.

Comment 3 Nalin Dahyabhai 2014-02-11 18:12:45 UTC
Testing note:  this change also requires that we create and own /var/run/krb5kdc, and because /run is created fresh at boot-time we've added configuration to trigger its creation on reboot.  Please also verify that a) the directory exists after we install the new krb5-server package fresh and b) that it is there again when the system is booted, whether or not the krb5kdc service is started.

Comment 5 Patrik Kis 2014-02-13 16:02:55 UTC
(In reply to Nalin Dahyabhai from comment #3)
> Testing note:  this change also requires that we create and own
> /var/run/krb5kdc, and because /run is created fresh at boot-time we've added
> configuration to trigger its creation on reboot.  Please also verify that a)
> the directory exists after we install the new krb5-server package fresh and
> b) that it is there again when the system is booted, whether or not the
> krb5kdc service is started.

Apart from this I can also verify that the KDC connects to a test unix socket (created by socat) on the new location and if the socket name can be configured. Of course I won't be able to check the sanity of the communication over the socket, but that will be checked later by IPA when the time comes.
I think it will be a sufficient test for now. Should you have other ideas, please let me know.
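
The directory checks requested in comment 3, written out as an added shell example (not part of the original bug report or of the krb5 packaging). The function name `check_rundir`, the default expected owner of uid 0, and the rule that the directory must not be group- or world-writable are assumptions of this example; it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: sanity checks for a runtime socket directory such as
# /var/run/krb5kdc, to be run once after a fresh package install and once
# after a reboot, with the krb5kdc service both started and stopped.
# Assumptions (not stated in the bug): expected owner defaults to uid 0,
# and the directory must not be writable by group or others.
#
# Usage: check_rundir /var/run/krb5kdc

# check_rundir DIR [EXPECTED_UID]
# Prints one line per failed check; returns 0 if all pass, 1 otherwise.
check_rundir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    # A symlink here could redirect the socket lookup elsewhere.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink, not a directory"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory"
        return 1
    fi

    uid=$(stat -c '%u' "$dir")     # numeric owner (GNU stat)
    mode=$(stat -c '%a' "$dir")    # octal permission bits, e.g. 755

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Leading 0 makes the shell read the mode as octal; 022 masks the
    # group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode (group- or world-writable)"
        rc=1
    fi

    return $rc
}
```
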

Comment 7 Ludek Smid 2014-06-13 09:24:19 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.