Bug 1265277 - Fix kdcproxy user creation
Fix kdcproxy user creation
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
:
: 1265276 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-22 10:20 EDT by Jan Cholasta
Modified: 2015-11-19 07:07 EST (History)
5 users (show)

See Also:
Fixed In Version: ipa-4.2.0-12.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 07:07:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Cholasta 2015-09-22 10:20:20 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5314

Currently, the kdcproxy user is created in the spec file in the %pre scriptlet of freeipa-server. It does not have a static UID andGID assigned, which violates Fedora and RHEL packaging guidelines.

Fix this by creating the user from ipa-server-install, which is consistent with how DS and CA users are created.
Comment 2 Jan Cholasta 2015-09-22 10:30:32 EDT
*** Bug 1265276 has been marked as a duplicate of this bug. ***
Comment 6 Kaleem 2015-10-09 06:35:48 EDT
Verified.

IPA Version:
============
[root@dhcp207-229 ~]# rpm -q ipa-server
ipa-server-4.2.0-13.el7.x86_64
[root@dhcp207-229 ~]# 

snip from ipaserver-install.log 
===============================
2015-10-09T10:27:22Z DEBUG   duration: 2 seconds
2015-10-09T10:27:22Z DEBUG   [15/19]: create KDC proxy user
2015-10-09T10:27:22Z DEBUG Adding group kdcproxy
2015-10-09T10:27:22Z DEBUG Starting external process
2015-10-09T10:27:22Z DEBUG args='/usr/sbin/groupadd' '-r' 'kdcproxy'
2015-10-09T10:27:23Z DEBUG Process finished, return code=0
2015-10-09T10:27:23Z DEBUG stdout=
2015-10-09T10:27:23Z DEBUG stderr=
2015-10-09T10:27:23Z DEBUG Done adding group
2015-10-09T10:27:23Z DEBUG Adding user kdcproxy
2015-10-09T10:27:23Z DEBUG Starting external process
2015-10-09T10:27:23Z DEBUG args='/usr/sbin/useradd' '-g' 'kdcproxy' '-d' '/var/lib/kdcproxy' '-s' '/sbin/nologin' '-r' 'kdcproxy' '-c' 'IPA KDC Proxy User' '-m'
2015-10-09T10:27:23Z DEBUG Process finished, return code=0
2015-10-09T10:27:23Z DEBUG stdout=
2015-10-09T10:27:23Z DEBUG stderr=useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

2015-10-09T10:27:23Z DEBUG Done adding user
2015-10-09T10:27:23Z DEBUG   duration: 0 seconds
2015-10-09T10:27:23Z DEBUG   [16/19]: create KDC proxy config
Comment 7 errata-xmlrpc 2015-11-19 07:07:02 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html

Note You need to log in before you can comment on or make changes to this bug.