Bug 907200

Summary: Kerberos Configuration Guide references to a non-existent service
Product: [Fedora] Fedora Documentation
Reporter: Jan Včelák <jvcelak>
Component: security-guide
Assignee: Eric Christensen <sparks>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Docs QA <docs-qa>
Severity: unspecified
Priority: unspecified
Version: devel
CC: nalin, pkennedy, security-guide-list, sparks, zach
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2013-02-05 03:10:32 UTC
Type: Bug
Attachments:
Removing deprecated Kerberos daemon and other text. (Flags: none)

Description Jan Včelák 2013-02-03 18:01:49 UTC
Description of problem:

Kerberos Configuration Guide [1] refers to a service "krb524" which does not exist in Fedora 18.

> Start Kerberos using the following commands:
> /sbin/service krb5kdc start
> /sbin/service kadmin start
> /sbin/service krb524 start

I'm not very familiar with Kerberos, but I guess the service was merged into krb5kdc. I will add krb5 maintainer to CC.

[1] http://docs.fedoraproject.org/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html

Comment 1 Nalin Dahyabhai 2013-02-04 16:57:48 UTC
The krb524 service was obsoleted, along with the rest of the Kerberos IV functionality, in the upstream Kerberos 1.7 release, which was included in Fedora 12.  There is no equivalent; the functionality is gone.

Comment 2 Eric Christensen 2013-02-04 18:02:15 UTC
So is the entire section of 'Configuring a Kerberos 5 Server' incorrect?

Comment 3 Nalin Dahyabhai 2013-02-04 18:16:14 UTC
It's still largely correct.

Exceptions: there is no krb524d daemon or init script any more.  The kdb5_util command lives in /usr/sbin now.

I don't know what "(not the Kerberos server)" means in "By default, kinit attempts to authenticate using the same system login username (not the Kerberos server)."

The subsequent client configuration section will need to be updated when we switch to providing systemd unit files instead of xinetd configuration for F19, including

Comment 4 Nalin Dahyabhai 2013-02-04 18:16:44 UTC
... some of the service names changing.  Apologies for hitting "save changes" too soon there.

Comment 5 Eric Christensen 2013-02-04 18:23:33 UTC
Created attachment 692937
Removing deprecated Kerberos daemon and other text.

Does this fix the bug?

Comment 6 Nalin Dahyabhai 2013-02-04 19:04:11 UTC
I can't speak to the formatting after it's processed, or for the original reporter, but the facts look right to me.

Comment 7 Jan Včelák 2013-02-04 21:49:10 UTC
Thank you very much! As I said, I do not know Kerberos. But the changes look good to me. I would just suggest dropping the "/usr/sbin" prefixes from the commands.

Comment 8 Eric Christensen 2013-02-05 03:17:08 UTC
Thanks for pointing out the error.  I've made some changes and will be pushing the changes up at the next available time.