Bug 1383358

Summary: Appliance Console External Auth incorrectly configs kerberos
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: ApplianceAssignee: Joe Vlcek <jvlcek>
Status: CLOSED ERRATA QA Contact: amogh <amavinag>
Severity: high Docs Contact:
Priority: medium    
Version: 5.7.0CC: abellott, cpelland, gtanzill, jhardy, mpusater, obarenbo, saali, simaishi
Target Milestone: GA   
Target Release: 5.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: ldap
Fixed In Version: 5.7.0.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1380873 Environment:
Last Closed: 2017-01-04 13:02:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Embargoed:
Bug Depends On: 1380873    
Bug Blocks:    

Comment 2 Joe Vlcek 2016-10-13 21:20:36 UTC 
$ git log
commit 540f2f92c4040edae436cd6add5623971f8ca9c3
Author: Alberto Bellotti <abellotti.github.com>
Date:   Fri Oct 7 14:04:17 2016 -0400

    Merge pull request #11730 from jvlcek/ipa_dns_lookup

    For external auth configure kerberos to do dns_lookups
    (cherry picked from commit 833a5e0fcbc713c5c095c0dfbebf97db306e2b28)

    https://bugzilla.redhat.com/show_bug.cgi?id=1383358
Comment 3 CFME Bot 2016-10-17 16:20:36 UTC 
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/540f2f92c4040edae436cd6add5623971f8ca9c3

commit 540f2f92c4040edae436cd6add5623971f8ca9c3
Author:     Alberto Bellotti <abellotti.github.com>
AuthorDate: Fri Oct 7 14:04:17 2016 -0400
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Thu Oct 13 15:32:28 2016 -0400

    Merge pull request #11730 from jvlcek/ipa_dns_lookup
    
    For external auth configure kerberos to do dns_lookups
    (cherry picked from commit 833a5e0fcbc713c5c095c0dfbebf97db306e2b28)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1383358

 .../external_httpd_authentication.rb               |  1 +
 .../external_httpd_configuration.rb                | 45 +++++++----
 .../external_httpd_authentication_spec.rb          | 90 ++++++++++++++++++++++
 3 files changed, 120 insertions(+), 16 deletions(-)
Comment 4 amogh 2016-11-18 17:16:43 UTC 
Verified this issue in "5.7.0.11-rc1" and the Fix works fine.

in /etc/krb5.conf.d/:

[libdefaults]
  default_realm = <IPA_SERVER_REALM>
  dns_lookup_realm = true
  dns_lookup_kdc = true
Comment 6 errata-xmlrpc 2017-01-04 13:02:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0012.html