Bug 1009389 - service krb5kdc start unable to get default realm
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5
Version: 6.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Nalin Dahyabhai
QA Contact: Patrik Kis
Blocks: 1061410
Reported: 2013-09-18 10:43 UTC by Nikolai Kondrashov
Modified: 2014-10-14 08:10 UTC

Fixed In Version: krb5-1.10.3-20.el6
Doc Type: Bug Fix
Doc Text:
Cause: The init script which launches the KDC runs a diagnostic helper first, attempting to diagnose a common upgrade-related error. When there is no default realm configured in /etc/krb5.conf, even if a realm name is set in /etc/sysconfig/krb5kdc, the helper would fail.
Consequence: The attempt to start the KDC would fail.
Fix: A realm set in the /etc/sysconfig/krb5kdc configuration file is also explicitly passed to the helper on its command line.
Result: This error no longer occurs.
Last Closed: 2014-10-14 08:10:28 UTC


Attachments
0001-Specify-realm-to-kdb_check_weak-when-defined.patch (1.33 KB, patch)
2013-09-18 10:44 UTC, Nikolai Kondrashov


Links
System: Red Hat Product Errata
ID: RHSA-2014:1389
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: krb5 security and bug fix update
Last Updated: 2014-10-14 01:27:10 UTC

Description Nikolai Kondrashov 2013-09-18 10:43:26 UTC
Description of problem:
When default realm is set only in /etc/sysconfig/krb5kdc, but neither in DNS nor in /etc/krb5.conf, /etc/init.d/krb5kdc produces the following error message:

    Error getting default realm: Configuration file does not specify default realm.

This message is being output by kdb_check_weak, which is not supplied the configured realm (contrary to krb5kdc itself).

Version-Release number of selected component (if applicable):
krb5-server-1.10.3-10.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Specify default realm in /etc/sysconfig/krb5kdc
2. Make sure default realm is specified neither in DNS nor in /etc/krb5.conf
3. Execute "service krb5kdc restart"

Actual results:
Stopping Kerberos 5 KDC:                                   [  OK  ]
Error getting default realm: Configuration file does not specify default realm.
Starting Kerberos 5 KDC:                                   [  OK  ]

Expected results:
Stopping Kerberos 5 KDC:                                   [  OK  ]
Starting Kerberos 5 KDC:                                   [  OK  ]
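
A pre-flight check for the condition this report describes, as an added example that is not part of the bug report or of the krb5 package: it reports whether the realm is set in krb5.conf, only in the sysconfig file, or nowhere. The variable name KRB5REALM, the function names and the sample files are assumptions or constructed here, and DNS-based realm lookup is not checked.

```shell
#!/bin/sh
# Added example: report which file supplies the KDC's default realm.
# Assumption: /etc/sysconfig/krb5kdc sets the realm as KRB5REALM=<realm>.

# Print default_realm from the [libdefaults] section of a krb5.conf-style file.
krb5_conf_realm() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Print the last KRB5REALM value from a sysconfig-style file without sourcing it.
sysconfig_realm() {
    [ -r "$1" ] || return 0
    awk -F= -v q="'" '
        /^[ \t]*KRB5REALM=/ {
            v = $2; sub(/#.*/, "", v); gsub(/[" \t]/, "", v); gsub(q, "", v); r = v
        }
        END { if (r != "") print r }' "$1"
}

# Classify the realm source: $1 = krb5.conf path, $2 = sysconfig path.
# "sysconfig-only" is the state in which a helper that reads only krb5.conf
# cannot determine the realm unless it is passed on the command line.
realm_source() {
    conf=$(krb5_conf_realm "$1")
    sysc=$(sysconfig_realm "$2")
    if [ -n "$conf" ]; then
        echo "krb5.conf:$conf"
    elif [ -n "$sysc" ]; then
        echo "sysconfig-only:$sysc"
    else
        echo "none"
    fi
}

# Constructed sample files reproducing steps 1 and 2 of the report.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '[libdefaults]\n dns_lookup_realm = false\n' > "$demo/krb5.conf"
printf '# constructed sample\nKRB5REALM="EXAMPLE.COM"\n' > "$demo/krb5kdc"
realm_source "$demo/krb5.conf" "$demo/krb5kdc"
```

On a real host, call `realm_source /etc/krb5.conf /etc/sysconfig/krb5kdc`.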

Comment 1 Nikolai Kondrashov 2013-09-18 10:44:59 UTC
Created attachment 799313
0001-Specify-realm-to-kdb_check_weak-when-defined.patch

The attached patch fixes the problem.

Comment 2 Nalin Dahyabhai 2013-09-18 15:06:27 UTC
Thanks for spotting this!

Comment 6 errata-xmlrpc 2014-10-14 08:10:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-1389.html

