RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1172578 - CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)
Summary: CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.1
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-10 12:05 UTC by Petr Vobornik
Modified: 2015-03-05 10:18 UTC (History)
3 users (show)

Fixed In Version: ipa-4.1.0-12.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 10:18:53 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0442 0 normal SHIPPED_LIVE Moderate: ipa security, bug fix, and enhancement update 2015-03-05 14:50:39 UTC

Description Petr Vobornik 2014-12-10 12:05:12 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4789

Error is caused by extra whitespace, which is added by named/nsupdate in fingerprint part.

{{{
$ dig ipa.example.com. sshfp
...
;; ANSWER SECTION:
ipa.example.com. 1200	IN	SSHFP	1 2 37BF6366A44B67F6CA8FF8A8313B7C964CEA971CCB3E092D775FDF08 2170AAA4
ipa.example.com. 1200	IN	SSHFP	3 1 3651173F6737DF24EB6494434AC5968B3C90B749
ipa.example.com. 1200	IN	SSHFP	1 1 8FD003E98D818E4E2813672234410835AB5844AC
ipa.example.com. 1200	IN	SSHFP	3 2 97EF4030A9DD471A3D4730A819B3A662E11994BB20AFC56FC3875AB1 662260BF
....

$ ipa dnsrecord-show example.com. ipa
  Record name: ipa
  SSHFP record: 1 1 8FD003E98D818E4E2813672234410835AB5844AC, 3 1 3651173F6737DF24EB6494434AC5968B3C90B749
...

$ ipa dnsrecord-show example.com ipa --raw
  idnsname: ipa
  sshfprecord: 1 1 8FD003E98D818E4E2813672234410835AB5844AC
  sshfprecord: 1 2 37BF6366A44B67F6CA8FF8A8313B7C964CEA971CCB3E092D775FDF08 2170AAA4
  sshfprecord: 3 1 3651173F6737DF24EB6494434AC5968B3C90B749
  sshfprecord: 3 2 97EF4030A9DD471A3D4730A819B3A662E11994BB20AFC56FC3875AB1 662260BF
...

}}}
Comment 1 Petr Vobornik 2014-12-10 12:07:33 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4790
Comment 2 Jan Cholasta 2014-12-10 18:37:12 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/b5ff0b941efad5170ff5fdda4ab05b9f1c7a2113
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/d229c4a1cc397cfe6adf661b6bcc8360a758248c
Comment 4 Namita Soman 2015-01-27 13:23:03 UTC 
Verified using:
ipa-server-4.1.0-16.el7.x86_64

Installed client (qe-blade-09.testrelm.test)

# dig qe-blade-09.testrelm.test. sshfp
<..snip..>
;; ANSWER SECTION:
qe-blade-09.testrelm.test. 1200	IN	SSHFP	1 1 3708EC9B40C0ACDF5C6F6ADA5B318E5DBBED6FA4
qe-blade-09.testrelm.test. 1200	IN	SSHFP	3 2 F4CD5D3A35AF65BE8097BC9B423AEFFC1FEAAE470214F7B1D235C90B E6F7CD37
qe-blade-09.testrelm.test. 1200	IN	SSHFP	3 1 107636A8578166B4E6885ECD79C26D6465BF2BE9
qe-blade-09.testrelm.test. 1200	IN	SSHFP	1 2 A4C32A6CEBCA47D1E05BE5CC091617FBCA33ECBF530B1F64FA96BAC3 A585DED0
<..snip..>


# ipa dnsrecord-show testrelm.test  qe-blade-09 --all 
  dn: idnsName=qe-blade-09,idnsname=testrelm.test.,cn=dns,dc=testrelm,dc=test
  Record name: qe-blade-09
  Time to live: 1200
  A record: 10.16.76.40
  SSHFP record: 1 1 3708EC9B40C0ACDF5C6F6ADA5B318E5DBBED6FA4, 3 1 107636A8578166B4E6885ECD79C26D6465BF2BE9, 1 2 A4C32A6CEBCA47D1E05BE5CC091617FBCA33ECBF530B1F64FA96BAC3 A585DED0, 3 2
                F4CD5D3A35AF65BE8097BC9B423AEFFC1FEAAE470214F7B1D235C90B E6F7CD37
  objectclass: top, idnsRecord



# ipa dnsrecord-show testrelm.test  qe-blade-09 --all --raw
  dn: idnsName=qe-blade-09,idnsname=testrelm.test.,cn=dns,dc=testrelm,dc=test
  idnsname: qe-blade-09
  arecord: 10.16.76.40
  sshfprecord: 1 1 3708EC9B40C0ACDF5C6F6ADA5B318E5DBBED6FA4
  sshfprecord: 1 2 A4C32A6CEBCA47D1E05BE5CC091617FBCA33ECBF530B1F64FA96BAC3 A585DED0
  sshfprecord: 3 1 107636A8578166B4E6885ECD79C26D6465BF2BE9
  sshfprecord: 3 2 F4CD5D3A35AF65BE8097BC9B423AEFFC1FEAAE470214F7B1D235C90B E6F7CD37
  dNSTTL: 1200
  objectClass: idnsRecord
  objectClass: top
Comment 6 errata-xmlrpc 2015-03-05 10:18:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html
Note You need to log in before you can comment on or make changes to this bug.