Bug 1281734 - kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64
kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5 (Show other bugs)
6.8
s390 Unspecified
low Severity low
: rc
: ---
Assigned To: Robbie Harwood
Marek Marusic
: EasyFix
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-13 05:45 EST by Patrik Kis
Modified: 2016-05-10 21:01 EDT (History)
5 users (show)

See Also:
Fixed In Version: krb5-1.10.3-53.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1163402
Environment:
Last Closed: 2016-05-10 21:01:45 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Patrik Kis 2015-11-13 05:45:16 EST
The problem also exists in RHEL-6. Although it's only a cosmetic issue, it can be easily fixed so it would be a nice to have.

+++ This bug was initially created as a clone of Bug #1163402 +++

Description of problem:
This was discovered with upstream test t_kdb.py that is new on krb5-1.12 and I can imagine that it was not executed on big-endian architectures so far. But this is not a regression the same issue was observed on s390x and ppc64 on krb5-1.11 (rhel7.0) and krb5-1.10 (rhel6).

Version-Release number of selected component (if applicable):
krb5-1.10.3-45.el6

How reproducible:
always

Steps to Reproduce:

# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" create_policy -maxtktlife 3hour -maxrenewlife 6hour -allow_forwardable tktpol
# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" view_policy tktpol
            Ticket policy: tktpol
      Maximum ticket life: 536870912 days 00:00:00
   Maximum renewable life: 1073741824 days 00:00:00
             Ticket flags: 
# 

It looks like the policy flags are correct in the database only they are not displayed (note the "krbTicketFlags" in the ldapsearch result below), so this is more less a cosmetic issue:

# ldapsearch -h localhost -x -D "cn=Manager,dc=example,dc=com" -w "secret" -b "cn=Kerberos,dc=example,dc=com" "(cn=tktpol)" | grep -v ^\#

dn: cn=tktpol,cn=EXAMPLE.COM,cn=Kerberos,dc=example,dc=com
cn: tktpol
objectClass: krbTicketPolicy
objectClass: krbTicketPolicyAux
krbMaxTicketLife: 10800
krbMaxRenewableAge: 21600
krbTicketFlags: 2

search: 2
result: 0 Success

# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" modify_policy -maxtktlife 4hour -maxrenewlife 8hour +requires_preauth tktpol
# ldapsearch -h localhost -x -D "cn=Manager,dc=example,dc=com" -w "secret" -b "cn=Kerberos,dc=example,dc=com" "(cn=tktpol)" | grep -v ^\#

dn: cn=tktpol,cn=EXAMPLE.COM,cn=Kerberos,dc=example,dc=com
cn: tktpol
objectClass: krbTicketPolicy
objectClass: krbTicketPolicyAux
krbMaxTicketLife: 14400
krbMaxRenewableAge: 28800
krbTicketFlags: 128

search: 2
result: 0 Success

# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" view_policy tktpol
            Ticket policy: tktpol
      Maximum ticket life: 715827882 days 16:00:00
   Maximum renewable life: 1431655765 days 08:00:00
             Ticket flags: 

Expected results:
On x86_64:

# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" create_policy -maxtktlife 3hour -maxrenewlife 6hour -allow_forwardable tktpol
[root@rhel70 LDAP-backend]# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" view_policy tktpol
            Ticket policy: tktpol
      Maximum ticket life: 0 days 03:00:00
   Maximum renewable life: 0 days 06:00:00
             Ticket flags: DISALLOW_FORWARDABLE
Comment 10 errata-xmlrpc 2016-05-10 21:01:45 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0945.html

Note You need to log in before you can comment on or make changes to this bug.