Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 447381

Summary: kerberos principal names were in the wrong case
Product: [Retired] freeIPA Reporter: Jaakan Shorter <jaakanshorter>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: low    
Version: 1.0CC: benl, yzhang
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-2.0.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-27 07:14:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 429034    
Attachments:
Description Flags
ensure hostname is lower case during install & when adding service principals none

Description Jaakan Shorter 2008-05-19 18:41:22 UTC 
Description of problem:
3 out of 4 kerberos principal names were in the wrong case  

Version-Release number of selected component (if applicable):
ipa-server-1.0.0-6.fc9.x86_64
bind-9.5.0-29.b2.fc9.x86_64
2.6.25-2.fc9.x86_64.xen

How reproducible:
Hardware Dell PE 2850
Raid 5 - 4 x 146Gb
Fedora core 8 Xen Kernel
12Gb ram

Guest is Fedora core 9 ( updated as of May 19 2008 )
1 Vcpu - 1G ram - 10Gb Harddrive image

Steps to Reproduce:
1. give the server a name with caps in it IE: freeIPA.test.net
1. yum install caching-nameserver
2. yum install ipa-server
3. run ipa-server-install --setup-bind -N
4. reboot
5. run ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net" 
  
Actual results:
# ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net"
objectclass=krbPrincipalAux dn
dn: krbprincipalname=K/M,cn=TEST.NET,cn=kerberos,dc=test,dc=
 net

dn: krbprincipalname=krbtgt/TEST.NET,cn=TEST.NET,cn=kerberos
 ,dc=test,dc=net

dn: krbprincipalname=kadmin/admin,cn=TEST.NET,cn=kerberos,dc=im
 mport,dc=net

dn: krbprincipalname=kadmin/changepw,cn=TEST.NET,cn=kerberos,dc
 =test,dc=net

dn: krbprincipalname=kadmin/history,cn=TEST.NET,cn=kerberos,dc=
 test,dc=net

dn: krbprincipalname=kadmin/freeipa.test.net,cn=TEST.NET,cn=
 kerberos,dc=test,dc=net

dn: krbprincipalname=ldap/freeIPA.test.net,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=host/freeIPA.test.net,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=HTTP/freeIPA.test.net,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

Expected results:

# ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net" objectclass=krbPrincipalAux dn
dn: krbprincipalname=K/M,cn=TEST.NET,cn=kerberos,dc=test,dc=
 net

dn: krbprincipalname=krbtgt/TEST.NET,cn=TEST.NET,cn=kerberos
 ,dc=test,dc=net

dn: krbprincipalname=kadmin/admin,cn=TEST.NET,cn=kerberos,dc=im
 mport,dc=net

dn: krbprincipalname=kadmin/changepw,cn=TEST.NET,cn=kerberos,dc
 =test,dc=net

dn: krbprincipalname=kadmin/history,cn=TEST.NET,cn=kerberos,dc=
 test,dc=net

dn: krbprincipalname=kadmin/freeipa.test.net,cn=TEST.NET,cn=
 kerberos,dc=test,dc=net

dn: krbprincipalname=ldap/freeipa.test.net,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=host/freeipa.test.net,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=HTTP/freeipa.test.net,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net


Additional info:
Comment 1 Rob Crittenden 2008-05-20 14:18:33 UTC 
Created attachment 306126 [details]
ensure hostname is lower case during install & when adding service principals
Comment 2 Rob Crittenden 2008-05-20 19:07:45 UTC 
iap-1-0: e7aa0b6c5e4eb472d09744e4c8c1ed916c5ca1ac
master: fcd3260955f38bda970b6cba16b72b576d727b63
Comment 4 Yi Zhang 2008-12-05 01:28:03 UTC 
did 2 test to verify this scenario

---------------------------
test 1
server32[12/04/08 17:18]~> ipa-addservice CIFS/cIfS.RHQA.Net

server32[12/04/08 17:19]~> /usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "dc=rhqa,dc=net" "" "*" | grep -i "cifs"
dn: krbprincipalname=CIFS/cifs.rhqa.net,cn=services,cn=accounts,dc=rh
krbPrincipalName: CIFS/cifs.rhqa.net

--------------------------------------
test 2

server32[12/04/08 17:19]~> ipa-addservice otHER/oTHER.RHQA.Netserver32[12/04/08 17:20]~> /usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "dc=rhqa,dc=net" "" "*" | grep -i "OTHER"
description: Limited admins who can edit other users
dn: krbprincipalname=otHER/other.rhqa.net,cn=services,cn=accounts,dc=
krbPrincipalName: otHER/other.rhqa.net

please pay special attention to test 2, the krbPrincipalName becomes
otHER/other.rhqa.net

does "otHER" string suppose to be here?
Please verify this.
Comment 5 Rob Crittenden 2008-12-05 01:43:42 UTC 
We don't touch the case of the service name. It gets stored as whatever the user passed in. Some service names are upper-case (HTTP) and some are lower-case (host). It is up to the user to specify the right service.
Comment 6 Yi Zhang 2008-12-05 05:51:21 UTC 
based on Rob's comment, bug closed