Bug 1468028

Summary: auth_gssapi plugin should be disabled by default
Product: [Fedora] Fedora Reporter: bharper <ben.harper>
Component: mariadbAssignee: Michal Schorm <mschorm>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: carl, dciabrin, hhorak, jstanek, mbayer, mkocka, mmuzila, mschorm, praiskup
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-28 09:59:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description bharper 2017-07-05 19:45:02 UTC 
Description of problem:

In current builds of mariadb, the auth_gssapi plugin is enabled by default but needs the /etc/krb5.keytab file to start without errors.


Version-Release number of selected component (if applicable):

mariadb-common-10.1.24-3.fc25.x86_64
mariadb-config-10.1.24-3.fc25.x86_64
mariadb-libs-10.1.24-3.fc25.x86_64
mariadb-server-10.1.24-3.fc25.x86_64
mariadb-errmsg-10.1.24-3.fc25.x86_64
mariadb-10.1.24-3.fc25.x86_64
mariadb-server-utils-10.1.24-3.fc25.x86_64

How reproducible:

Errors are logged when /etc/krb5.keytab has not been created.


Steps to Reproduce:
1. On a new server, install mariadb-server
2. systemctl start mariadb
3. check logs

Actual results:
2017-07-05 18:02:48 140116306090304 [Warning] mysqld: GSSAPI plugin : default principal 'mariad
b/ben@' not found in keytab
2017-07-05 18:02:48 140116306090304 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 25
29639093) : gss_acquire_cred failed -Unspecified GSS failure.  Minor code may provide more info
rmation. Keytab FILE:/etc/krb5.keytab is nonexistent or empty. 
2017-07-05 18:02:48 140116306090304 [ERROR] Plugin 'gssapi' init function returned error.

Expected results:
Mariadb should start without any errors without the /etc/krb5.keytab file.

Additional info:
The plugin can be commented out with the following:

sed -i s/^plugin-load-add=auth_gssapi.so/#plugin-load-add=auth_gssapi.so/g /etc/my.cnf.d/auth_gssapi.cnf
Comment 1 bharper 2017-07-06 12:07:34 UTC 
The sed line for the SPEC file can be something like this:

sed -i 's|^plugin-load-add=auth_gssapi.so|#plugin-load-add=auth_gssapi.so|' %{buildroot}%{_sysconfdir}/my.cnf.d/auth_gssapi.cnf
Comment 2 Michal Schorm 2017-07-11 12:21:06 UTC 
Thanks for the report.

I disabled the GssApi plugin by default.
Comment 3 Fedora Update System 2017-07-12 06:16:16 UTC 
mariadb-10.1.25-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c581dc391
Comment 4 Fedora Update System 2017-07-12 15:53:23 UTC 
mariadb-10.1.25-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a6f49afbd
Comment 5 Fedora Update System 2017-07-12 16:25:12 UTC 
mariadb-10.1.25-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebeb4bb332
Comment 6 Fedora Update System 2017-07-12 18:22:33 UTC 
mariadb-10.1.25-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c581dc391
Comment 7 Fedora Update System 2017-07-17 04:52:52 UTC 
mariadb-10.1.25-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2017-07-27 19:50:14 UTC 
mariadb-10.1.25-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2017-07-27 21:52:19 UTC 
mariadb-10.1.25-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.