Bug 1265277

Summary: Fix kdcproxy user creation
Product: Red Hat Enterprise Linux 7 Reporter: Jan Cholasta <jcholast>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: drieden, ksiddiqu, mkosek, rcritten, tlavigne
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.2.0-12.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 12:07:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Cholasta 2015-09-22 14:20:20 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5314

Currently, the kdcproxy user is created in the spec file in the %pre scriptlet of freeipa-server. It does not have a static UID andGID assigned, which violates Fedora and RHEL packaging guidelines.

Fix this by creating the user from ipa-server-install, which is consistent with how DS and CA users are created.
Comment 2 Jan Cholasta 2015-09-22 14:30:32 UTC 
*** Bug 1265276 has been marked as a duplicate of this bug. ***
Comment 3 Jan Cholasta 2015-09-22 14:35:48 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/0de860318332114ca739a8dd45902f7cc9a3c722
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/4663625bbb3456db7f13578e6cac0c3e5fae2591
Comment 4 Jan Cholasta 2015-09-23 14:38:02 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/859590337a1978eb216b9f4ec0750db2fd547a5a
https://fedorahosted.org/freeipa/changeset/4c39561261e79fe1cfdef916eafbcb9c204e77e8
ipa-4-2:
https://fedorahosted.org/freeipa/changeset/5750fbdfe6af63977c37799a083351d146c8bcbe
https://fedorahosted.org/freeipa/changeset/091b119580f7bbd534e7643e09fd33a85d8c010b
Comment 6 Kaleem 2015-10-09 10:35:48 UTC 
Verified.

IPA Version:
============
[root@dhcp207-229 ~]# rpm -q ipa-server
ipa-server-4.2.0-13.el7.x86_64
[root@dhcp207-229 ~]# 

snip from ipaserver-install.log 
===============================
2015-10-09T10:27:22Z DEBUG   duration: 2 seconds
2015-10-09T10:27:22Z DEBUG   [15/19]: create KDC proxy user
2015-10-09T10:27:22Z DEBUG Adding group kdcproxy
2015-10-09T10:27:22Z DEBUG Starting external process
2015-10-09T10:27:22Z DEBUG args='/usr/sbin/groupadd' '-r' 'kdcproxy'
2015-10-09T10:27:23Z DEBUG Process finished, return code=0
2015-10-09T10:27:23Z DEBUG stdout=
2015-10-09T10:27:23Z DEBUG stderr=
2015-10-09T10:27:23Z DEBUG Done adding group
2015-10-09T10:27:23Z DEBUG Adding user kdcproxy
2015-10-09T10:27:23Z DEBUG Starting external process
2015-10-09T10:27:23Z DEBUG args='/usr/sbin/useradd' '-g' 'kdcproxy' '-d' '/var/lib/kdcproxy' '-s' '/sbin/nologin' '-r' 'kdcproxy' '-c' 'IPA KDC Proxy User' '-m'
2015-10-09T10:27:23Z DEBUG Process finished, return code=0
2015-10-09T10:27:23Z DEBUG stdout=
2015-10-09T10:27:23Z DEBUG stderr=useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

2015-10-09T10:27:23Z DEBUG Done adding user
2015-10-09T10:27:23Z DEBUG   duration: 0 seconds
2015-10-09T10:27:23Z DEBUG   [16/19]: create KDC proxy config
Comment 7 errata-xmlrpc 2015-11-19 12:07:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html