Bug 1471021
Summary: | adcli doesn't update kvno while joining system to AD domain (RODC). | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Gaurav Swami <gswami> |
Component: | adcli | Assignee: | Sumit Bose <sbose> |
Status: | CLOSED ERRATA | QA Contact: | Petr Čech <pcech> |
Severity: | medium | Docs Contact: | Aneta Šteflová Petrová <apetrova> |
Priority: | medium | ||
Version: | 7.3 | CC: | mkosek, mthacker, nsoman, pcech, pkis, sbose |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | adcli-0.8.1-4.el7 | Doc Type: | Bug Fix |
Doc Text: |
Kerberos operations depending on KVNO in the keytab file no longer fail when a RODC is used
The *adcli* utility did not handle the key version number (KVNO) properly when updating Kerberos keys on a read-only domain controller (RODC). Consequently, some operations, such as validating a Kerberos ticket, failed because no key with a matching KVNO was found in the keytab file. With this update, *adcli* detects if a RODC is used and handles the KVNO accordingly. As a result, the keytab file contains the right KVNO, and all Kerberos operations depending on this behavior work as expected.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-10 18:13:14 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Bug Depends On: | |||
Bug Blocks: | 1420851, 1472344, 1477926, 1490412 |
Comment 15
errata-xmlrpc
2018-04-10 18:13:14 UTC
|