| Summary: | Secured LDAP with Apache httpd module mod_authnz_ldap conflicts with nss | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | fgoldefu |
| Component: | nss | Assignee: | Kai Engert (:kaie) (inactive account) <kengert> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | urgent | Priority: | urgent |
| Version: | 6.7 | CC: | fgoldefu, hkario, jhrozek, kengert, nmavrogi, rhatlapa, szidek |
| Target Milestone: | rc | Doc Type: | Bug Fix |
| Hardware: | Unspecified | OS: | Unspecified |
| Last Closed: | 2016-07-20 14:58:28 UTC | Type: | Bug |
1. Why is anyone still using nss-pam-ldapd and not sssd?
2. This doesn't look like a bug at all, but weak crypto was used. The error message tells you what's wrong:

TLS: can't connect: TLS error -12156:The server certificate included a public key that was too weak..

Can I close this as NOTABUG?

Jean-Frederic Clere <jfclere> updated the status of jira JWS-360 to Closed
Created attachment 1141657: Config for apache http.

Description of problem:
Secured LDAP with apache httpd and apache httpd module mod_authnz_ldap conflicts with nss since version 3.19.1-3.el6_6.

Version-Release number of selected component (if applicable):
nss*3.19.1-3.el6_6 and newer

How reproducible:
Configure apache httpd secured LDAP. Config file is attached.

Steps to Reproduce:
1. Configure httpd secured LDAP
2. Start httpd
3. Add user and try to authenticate.

Actual results:
TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8181:Peer's Certificate has expired..
TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8179:Peer's Certificate issuer is not recognized..
TLS: error: connect - force handshake failure: errno 115 - moznss error -12156
TLS: can't connect: TLS error -12156:The server certificate included a public key that was too weak..
User is not authorized.

Expected results:
User is authorized.

Additional info:
Same problem is on RHEL6.7, RHEL6.8 and RHEL7. Problem occurs with BaseOS httpd and JWS.
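Added example, not part of the bug report or of any project's code: a small triage script that reads the TLS messages quoted under "Actual results", separates the certificate validation findings from the error on the "can't connect" line, and attaches the NSS symbolic name to each code. The regular expressions assume the message layout shown in this report, and the function names are illustrative.

```python
import re

# NSS symbolic names for the error codes that appear in the report's log.
NSS_ERRORS = {
    -8181: "SEC_ERROR_EXPIRED_CERTIFICATE",
    -8179: "SEC_ERROR_UNKNOWN_ISSUER",
    -12156: "SSL_ERROR_WEAK_SERVER_CERT_KEY",
}

# Messages from the report's "Actual results", split one per line.
SAMPLE_LOG = """\
TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8181:Peer's Certificate has expired..
TLS: certificate [CN=dhcp-4-207.brq.redhat.com,OU=Directory,O=ASF,C=US] is not valid - error -8179:Peer's Certificate issuer is not recognized..
TLS: error: connect - force handshake failure: errno 115 - moznss error -12156
TLS: can't connect: TLS error -12156:The server certificate included a public key that was too weak..
"""

CERT_RE = re.compile(r"TLS: certificate \[(?P<subject>[^\]]+)\] is not valid"
                     r" - error (?P<code>-\d+):(?P<msg>.*?)\.*$")
FATAL_RE = re.compile(r"TLS: can't connect: TLS error (?P<code>-\d+):(?P<msg>.*?)\.*$")


def _finding(m):
    code = int(m.group("code"))
    return {"code": code, "name": NSS_ERRORS.get(code, "UNKNOWN"), "msg": m.group("msg")}


def triage(log_text):
    """Return (fatal, cert_findings): the error on the "can't connect" line
    (or None) and {certificate subject: [findings]} from "is not valid" lines."""
    fatal, findings = None, {}
    for line in log_text.splitlines():
        m = CERT_RE.search(line.strip())
        if m:
            findings.setdefault(m.group("subject"), []).append(_finding(m))
            continue
        m = FATAL_RE.search(line.strip())
        if m:
            fatal = _finding(m)
    return fatal, findings


if __name__ == "__main__":
    fatal, findings = triage(SAMPLE_LOG)
    for subject, items in findings.items():
        for f in items:
            print(f"certificate {subject}: {f['code']} {f['name']}")
    if fatal:
        print(f"connect failed: {fatal['code']} {fatal['name']} ({fatal['msg']})")
```

On the report's log this lists three separate problems with the same server certificate: it is expired, its issuer is not trusted, and its public key is rejected as too weak.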