Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Please backport s4u2proxy fixes from upstream trunk|
|Product:||[Fedora] Fedora||Reporter:||Simo Sorce <ssorce>|
|Component:||krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||16||CC:||dpal, jgalipea, nalin|
|Fixed In Version:||krb5-1.9.2-6.fc15||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|:||761523 (view as bug list)||Environment:|
|Last Closed:||2012-02-11 17:04:27 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Simo Sorce 2011-12-07 21:53:58 EST
Please apply patches for upstream tickets number: 7046, 7047, 7048 to the krb5 packages. These patches should apply cleanly to 1.9 and 1.10 without issues. They are need for an upcoming version of IPA that uses s4u2proxy constrained delegation. Please note that the upstream committed patch for 7048 is faulty, a fix should be committed shortly and will need to be incorporated as well.
Comment 1 Nalin Dahyabhai 2011-12-13 11:32:08 EST
The patches don't just apply to 1.9. I'm going to need a decent way to test the results before I push them in.
Comment 2 Simo Sorce 2011-12-13 13:13:07 EST
The only stuff that exercise this code is FreeIPA tools in master (after Rob's patches will be applied).
Comment 3 Jenny Galipeau 2012-01-24 11:35:25 EST
Steps to reproduce: 1) install IPA 2) kinit as admin 3) ipa user-show admin No IPA CLI commands will work without this fix
Comment 4 Nalin Dahyabhai 2012-01-30 17:20:12 EST
(In reply to comment #3) > Steps to reproduce: > > 1) install IPA > 2) kinit as admin > 3) ipa user-show admin > > No IPA CLI commands will work without this fix This command already works without the patch. In which version does IPA grow a dependency on these changes, so that it doesn't work without them? And what distinguishes an error caused by this not working from any other error?
Comment 7 Fedora Update System 2012-01-30 19:43:19 EST
krb5-1.9.2-6.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/krb5-1.9.2-6.fc16
Comment 8 Fedora Update System 2012-01-30 19:43:28 EST
krb5-1.9.2-6.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/krb5-1.9.2-6.fc15
Comment 9 Fedora Update System 2012-01-31 16:58:52 EST
Package krb5-1.9.2-6.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing krb5-1.9.2-6.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-1067/krb5-1.9.2-6.fc16 then log in and leave karma (feedback).
Comment 10 Fedora Update System 2012-02-11 17:04:27 EST
krb5-1.9.2-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2012-02-16 19:58:21 EST
krb5-1.9.2-6.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.