Bug 727863
Summary: | Add support for new xmlrpc-c API to do GSSAPI delegation | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Rob Crittenden <rcritten> | |
Component: | certmonger | Assignee: | Nalin Dahyabhai <nalin> | |
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | |
Severity: | urgent | Docs Contact: | ||
Priority: | urgent | |||
Version: | 6.2 | CC: | dpal, jgalipea, jwest, kchamart | |
Target Milestone: | rc | Keywords: | ZStream | |
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Fixed In Version: | certmonger-0.45-1.el6 | Doc Type: | Bug Fix | |
: | 727864 | Environment: | |
Last Closed: | 2011-12-06 17:37:50 UTC | Type: | --- | |
Bug Depends On: | 719945 | |||
Bug Blocks: | 727864, 729804 |
Description
Rob Crittenden
2011-08-03 13:02:16 UTC
It looks like the currently-proposed patch requires us to set "gss_delegate" to 1 in the right xmlrpc_curl_xportparms structure that we pass to xmlrpc_client_create(). We'll need to have the patch added to the xmlrpc-c package (preferably after it's integrated into upstream's tree) and to have that updated version of xmlrpc-c tagged into the buildroot before we can build a fixed certmonger. I can make the code changes in certmonger before that, but they can't be tested properly without an xmlrpc-c.

Making the xmlrpc-c bug block this one.

verified:

ipa-client-install --domain=testrelm --realm=TESTRELM -p admin -w Secret123 -U --server=ipaqavme.testrelm
Discovery was successful!
Hostname: hp-dl380g6-01.testrelm
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: ipaqavme.testrelm
BaseDN: dc=testrelm
Enrolled in IPA realm TESTRELM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM
Warning: Hostname (hp-dl380g6-01.testrelm) not found in DNS
DNS server record set to: hp-dl380g6-01.testrelm -> 10.16.65.39
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.

[root@hp-dl380g6-01 ~]# kinit admin
Password for admin@TESTRELM:
[root@hp-dl380g6-01 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@TESTRELM

Valid starting     Expires            Service principal
09/21/11 11:38:40  09/22/11 11:38:36  krbtgt/TESTRELM@TESTRELM

versions:
curl-7.19.7-26.el6_1.2.x86_64
xmlrpc-c-1.16.24-1200.1840.el6_1.4.x86_64
certmonger-0.46-1.el6.x86_64
ipa-client-2.1.1-3.el6.x86_64

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1708.html