Bug 1030607 - clockskew detection not available in keyring caches
clockskew detection not available in keyring caches
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5 (Show other bugs)
7.0
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Nalin Dahyabhai
Patrik Kis
http://krbdev.mit.edu/rt/Ticket/Displ...
: Regression
Depends On:
Blocks: 917658
  Show dependency treegraph
 
Reported: 2013-11-14 14:28 EST by Simo Sorce
Modified: 2014-06-17 21:07 EDT (History)
6 users (show)

See Also:
Fixed In Version: krb5-1.11.3-43.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 06:04:43 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Simo Sorce 2013-11-14 14:28:29 EST
The new keyring ccache does not store the clock skew detected against the KDC so it cannot adjust expiration/validity dates based on the offset.

The keyring code needs to be patched to keep track of the offset like the FILE/DIR/MEMORY caches do.
Comment 3 Simo Sorce 2013-11-18 10:37:30 EST
Upstream commit to backport: fb4817a32d0c369049e0868468dd2eb75487630d
Comment 6 Simo Sorce 2013-11-19 08:52:25 EST
Create a new client machine, and set the date off by 1 hour in the future.
Do a kinit -l 30m user@REALM
Then do a kvno host/principal@REALM

With the old code, not skew corrected one of the operations above will fail with a clock skew error or a crdentials expired erro.

With the patches they should work as the ccache corrects the base clock (note that klist will always show the 'correct' date (according to the KDC)).
Comment 10 Simo Sorce 2014-01-02 09:11:44 EST
So it fails with the persistent keyring but not with a file cache when the time is 1 day in the future ?
Comment 11 Patrik Kis 2014-01-02 09:55:03 EST
(In reply to Simo Sorce from comment #10)
> So it fails with the persistent keyring but not with a file cache when the
> time is 1 day in the future ?

Exactly.
Comment 12 Nalin Dahyabhai 2014-01-15 15:20:43 EST
I dug into this, and I think we've got two problems when the client's clock is more than (lifetime of creds) ahead of the KDC's.

The one that causes kdestroy to claim that there's no cache, right after we've populated it using kinit, appears to be that we're not incorporating the KDC time offset into the expiration date that we set on keyrings, which in cases where the client clock is ahead of the KDC's, means that the keyring's expiration date can be set to a time in the past.

The one that causes the ticket-expired errors is a bit more complicated - the GSSAPI client library's get_credentials() function is comparing the recorded expiration time of a set of credentials that it's about to use to the current time as returned to kg_new_connection() by krb5_timeofday().

That time is affected by the krb5_context's os_ctx's time_offset member, which is only set from a keyring cache in krb5_krcc_resolve(), which is only called after the clock is read in kg_new_connection(), so the KDC's clock offset is not taken into account in the comparison.

When a file is used, though, the offset is set in krb5_fcc_open_file() when it's called either from krb5_fcc_start_seq_get() or krb5_fcc_next_cred(), which are both called before the clock is read, so the KDC's clock offset is taken into account when the comparison is made.
Comment 13 Nalin Dahyabhai 2014-01-15 16:16:47 EST
(In reply to Nalin Dahyabhai from comment #12)
> The one that causes kdestroy to claim that there's no cache, right after
> we've populated it using kinit, appears to be that we're not incorporating
> the KDC time offset into the expiration date that we set on keyrings, which
> in cases where the client clock is ahead of the KDC's, means that the
> keyring's expiration date can be set to a time in the past.

Actually, the date should be correct, so this shouldn't be a problem.
Comment 14 Nalin Dahyabhai 2014-01-15 18:46:07 EST
Okay, let's try this with -42.
Comment 15 Patrik Kis 2014-01-16 11:27:47 EST
(In reply to Nalin Dahyabhai from comment #14)
> Okay, let's try this with -42.

At first glance the fix looks ok; let me run the test on all arches and we can consider the bug verified.
Comment 16 Nalin Dahyabhai 2014-01-17 14:27:53 EST
krb5-1.11.3-43.el7 includes a different fix that was recently added upstream, so please test with that version instead.  Thanks!
Comment 17 Patrik Kis 2014-01-23 03:28:57 EST
Veridied with: /CoreOS/krb5/Multihost/bz985956-kinit-does-not-work-when-the-client-time-is-more+-

+-----------------------+
 OLD: krb5-1.11.3-34.el7
+-----------------------+

Server:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Server
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Stopping services (Expected 0, got 0)
:: [   PASS   ] :: Cleaning Files (Expected 0, got 0)
:: [   PASS   ] :: Creating backup (Expected 0, got 0)
:: [   PASS   ] :: Running 'rlFileBackup --namespace krb5 /etc/sysconfig/authconfig' (Expected 0, got 0)
:: [   PASS   ] :: Running 'rm -f /etc/sysconfig/authconfig' (Expected 0, got 0)
:: [   PASS   ] :: Running 'sed -i "s/\[libdefaults\]/[libdefaults]\n default_realm = EXAMPLE.COM/" /etc/krb5.conf' (Expected 0, got 0)
:: [   PASS   ] :: Running 'sed -i "s/\[realms\]/[realms]\n EXAMPLE.COM = {\n  kdc = ibm-p730-04-lp4.rhts.eng.bos.redhat.com\n  admin_server = ibm-p730-04-lp4.rhts.eng.bos.redhat.com\n }/" /etc/krb5.conf' (Expected 0, got 0)
:: [   PASS   ] :: Running 'sed -i "s/\[domain_realm\]/[domain_realm]\n .rhts.eng.bos.redhat.com = EXAMPLE.COM\n rhts.eng.bos.redhat.com = EXAMPLE.COM/" /etc/krb5.conf' (Expected 0, got 0)
:: [   PASS   ] :: Running 'sed -i s/EXAMPLE.COM/EXAMPLE.COM/ /var/kerberos/krb5kdc/kdc.conf' (Expected 0, got 0)
:: [   PASS   ] :: Running 'sed -i s/EXAMPLE.COM/EXAMPLE.COM/ /var/kerberos/krb5kdc/kadm5.acl' (Expected 0, got 0)
:: [   PASS   ] :: Running 'restorecon -Rv /etc/krb5.conf /var/kerberos/krb5kdc' (Expected 0, got 0)
:: [   PASS   ] :: Faking entropy generation (Expected 0, got 0)
:: [   PASS   ] :: Realm creation (Expected 0, got 0)
:: [   PASS   ] :: Starting services (Expected 0, got 0)
:: [   PASS   ] :: Adding root krb5 account and password (Expected 0, got 0)
:: [   PASS   ] :: Creating machine key (Expected 0, got 0)
:: [   PASS   ] :: Adding machine to the trusted db (Expected 0, got 0)
:: [   PASS   ] :: Creating service key (Expected 0, got 0)
:: [   PASS   ] :: Adding machine to the trusted db (Expected 0, got 0)
:: [   PASS   ] :: System user creation (Expected 0, got 0)
:: [   PASS   ] :: Adding password (Expected 0, got 0)
:: [   PASS   ] :: Adding user to the krb5 db (Expected 0, got 0)
:: [   PASS   ] :: Updating system to use krb5 authentication (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentification (Expected 0, got 0)
:: [   PASS   ] :: Running 'kadmin.local -q "modprinc +requires_preauth Ariel@EXAMPLE.COM"' (Expected 0, got 0)
:: [   LOG    ] :: openldap_setup function started
:: [   PASS   ] :: Backing up config files that could be changed by openldap (Expected 0, got 0)
:: [   PASS   ] :: Backup slapd sysconfig file (Expected 0, got 0)
:: [   PASS   ] :: Running 'openldap_default_data_ldif dc=example,dc=com example' (Expected 0, got 0)
:: [   PASS   ] :: Enable listening of openldap server on standard (389) and ssl (636) ports (Expected 0, got 0)
:: [   PASS   ] :: Running 'echo "127.0.0.1 example.com" >> /etc/hosts' (Expected 0, got 0)
:: [   PASS   ] :: Creating self-signed CA key & certificate (Expected 0, got 0)
:: [   PASS   ] :: Creating server key & certificate request (Expected 0, got 0)
:: [   PASS   ] :: Signing server certificate (Expected 0, got 0)
:: [   PASS   ] :: Removing pass phrase from server key (Expected 0, got 0)
:: [   PASS   ] :: Running 'mkdir -p /etc/openldap/cacerts' (Expected 0, got 0)
:: [   PASS   ] :: Running 'cp server.key server.crt ca.crt /etc/openldap/cacerts' (Expected 0, got 0)
:: [   PASS   ] :: Running 'chown ldap:ldap /etc/openldap/cacerts/*' (Expected 0, got 0)
:: [   PASS   ] :: Running 'chmod 600 /etc/openldap/cacerts/*' (Expected 0, got 0)
:: [   PASS   ] :: Running 'openldap_create_certs' (Expected 0, got 0)
:: [   PASS   ] :: Running 'slapadd -l data.ldif' (Expected 0, got 0)
:: [   PASS   ] :: Running 'restorecon -vvRF /etc/openldap/' (Expected 0, got 0)
:: [   PASS   ] :: Running 'service slapd start && sleep 10' (Expected 0, got 0)
:: [   PASS   ] :: Setup path to CA certificate in ldap.conf (Expected 0, got 0)
:: [   PASS   ] :: Running 'service slapd status' (Expected 0, got 0)
:: [   LOG    ] :: Try ldapsearch with Manager account
:: [   PASS   ] :: Running 'ldapsearch -H ldap://example.com -b dc=example,dc=com -D cn=Manager,dc=example,dc=com -w x -x '*'' (Expected 0, got 0)
:: [   LOG    ] :: Try ldapsearch with user account
:: [   PASS   ] :: Running 'ldapsearch -H ldap://example.com -b dc=example,dc=com -D cn=admin,ou=People,dc=example,dc=com -w x -x '*'' (Expected 0, got 0)
:: [   PASS   ] :: Running 'openldap_test_setup example.com' (Expected 0, got 0)
:: [   PASS   ] :: Running 'openldap_setup' (Expected 0, got 0)
:: [   PASS   ] :: Running 'restorecon -v /etc/ldap.keytab' (Expected 0, got 0)
:: [   PASS   ] :: Running 'chown -R ldap:ldap /etc/ldap.keytab' (Expected 0, got 0)
:: [   PASS   ] :: Running 'chmod 600 /etc/ldap.keytab' (Expected 0, got 0)
:: [   PASS   ] :: Running 'systemconfig_slapd' (Expected 0, got 0)
:: [   PASS   ] :: Running 'service slapd restart && sleep 10' (Expected 0, got 0)
:: [   PASS   ] :: Running 'service slapd status' (Expected 0, got 0)
:: [   LOG    ] :: Try ldapsearch with Manager account
:: [   PASS   ] :: Running 'ldapsearch -H ldap://ibm-p730-04-lp4.rhts.eng.bos.redhat.com -b dc=example,dc=com -D cn=Manager,dc=example,dc=com -w x -x '*'' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   LOG    ] :: Try ldapsearch with gssapi to local openldap server
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Server ready (Expected 0, got 0)
:: [   PASS   ] :: Waiting for the client (Expected 0, got 0)
:: [   PASS   ] :: Running 'service slapd stop' (Expected 0, got 0)
:: [   PASS   ] :: Running 'openldap_cleanup' (Expected 0, got 0)
:: [   PASS   ] :: Updating system to not use krb5 authentication (Expected 0, got 0)
:: [   PASS   ] :: User Deletion (Expected 0, got 0)
:: [   PASS   ] :: Deleting additional ldap keytab (Expected 0, got 0)
:: [   PASS   ] :: Stop fake entropy generation (Expected 0, got 0)
:: [   PASS   ] :: Running 'rm -rf /var/kerberos/krb5kdc/* /var/kerberos/krb5kdc/.k5* /etc/krb5.keytab /etc/sysconfig/authconfig' (Expected 0, got 0)
:: [   PASS   ] :: Running 'rlFileRestore --namespace krb5' (Expected 0, got 0)
:: [   PASS   ] :: Running 'rlServiceRestore krb5kdc kadmin' (Expected 0, got 0)
:: [   LOG    ] :: Duration: 1m 22s
:: [   LOG    ] :: Assertions: 70 good, 0 bad
:: [   PASS   ] :: RESULT: Server

Client:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Set time/date on client ahead the server time
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'date' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1390550939' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1391069339' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1392883739' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Synchronize time (Expected 0, got 0)
:: [   LOG    ] :: Duration: 12s
:: [   LOG    ] :: Assertions: 14 good, 3 bad
:: [   FAIL   ] :: RESULT: Set time/date on client ahead the server time

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Set time/date on client behind the server time
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'date' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1390378151' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1389859751' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1388045351' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Synchronize time (Expected 0, got 0)
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 14 good, 3 bad
:: [   FAIL   ] :: RESULT: Set time/date on client behind the server time


+-----------------------+
 OLD: krb5-1.11.3-35.el7
+-----------------------+

Server:
The same as above: all PASS.

Client:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Set time/date on client ahead the server time
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'date' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1390551180' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1391069580' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1392883980' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   FAIL   ] :: Try ldapsearch with gssapi (Expected 0, got 2)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Synchronize time (Expected 0, got 0)
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 14 good, 3 bad
:: [   FAIL   ] :: RESULT: Set time/date on client ahead the server time

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Set time/date on client behind the server time
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'date' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1390378392' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1389859992' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1388045592' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Synchronize time (Expected 0, got 0)
:: [   LOG    ] :: Duration: 15s
:: [   LOG    ] :: Assertions: 17 good, 0 bad
:: [   PASS   ] :: RESULT: Set time/date on client behind the server time

+-----------------------+
 NEW: krb5-1.11.3-43.el7
+-----------------------+

Server:
The same as above: all PASS.

Client:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Set time/date on client ahead the server time
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'date' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1390551372' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1391069772' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1392884172' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Synchronize time (Expected 0, got 0)
:: [   LOG    ] :: Duration: 14s
:: [   LOG    ] :: Assertions: 17 good, 0 bad
:: [   PASS   ] :: RESULT: Set time/date on client ahead the server time

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Set time/date on client behind the server time
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'date' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1390378586' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1389860186' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Running 'date -s @1388045786' (Expected 0, got 0)
:: [   PASS   ] :: Kerberos user authentication (Expected 0, got 0)
:: [   PASS   ] :: Running 'klist' (Expected 0, got 0)
:: [   PASS   ] :: Try ldapsearch with gssapi (Expected 0, got 0)
:: [   PASS   ] :: Running 'kdestroy' (Expected 0, got 0)
:: [   PASS   ] :: Synchronize time (Expected 0, got 0)
:: [   LOG    ] :: Duration: 14s
:: [   LOG    ] :: Assertions: 17 good, 0 bad
:: [   PASS   ] :: RESULT: Set time/date on client behind the server time
Comment 18 Ludek Smid 2014-06-13 06:04:43 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.