Bug 1383358 - Appliance Console External Auth incorrectly configs kerberos
Summary: Appliance Console External Auth incorrectly configs kerberos
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: GA
: 5.7.0
Assignee: Joe Vlcek
QA Contact: amogh
URL:
Whiteboard: ldap
Depends On: 1380873
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-10 13:02 UTC by Satoe Imaishi
Modified: 2017-03-23 17:03 UTC (History)
8 users (show)

Fixed In Version: 5.7.0.5
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1380873
Environment:
Last Closed: 2017-01-04 13:02:12 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0012 0 normal SHIPPED_LIVE CFME 5.7.0 bug fixes and enhancement update 2017-01-04 17:50:36 UTC

Comment 2 Joe Vlcek 2016-10-13 21:20:36 UTC 
$ git log
commit 540f2f92c4040edae436cd6add5623971f8ca9c3
Author: Alberto Bellotti <abellotti.github.com>
Date:   Fri Oct 7 14:04:17 2016 -0400

    Merge pull request #11730 from jvlcek/ipa_dns_lookup

    For external auth configure kerberos to do dns_lookups
    (cherry picked from commit 833a5e0fcbc713c5c095c0dfbebf97db306e2b28)

    https://bugzilla.redhat.com/show_bug.cgi?id=1383358
Comment 3 CFME Bot 2016-10-17 16:20:36 UTC 
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/540f2f92c4040edae436cd6add5623971f8ca9c3

commit 540f2f92c4040edae436cd6add5623971f8ca9c3
Author:     Alberto Bellotti <abellotti.github.com>
AuthorDate: Fri Oct 7 14:04:17 2016 -0400
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Thu Oct 13 15:32:28 2016 -0400

    Merge pull request #11730 from jvlcek/ipa_dns_lookup
    
    For external auth configure kerberos to do dns_lookups
    (cherry picked from commit 833a5e0fcbc713c5c095c0dfbebf97db306e2b28)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1383358

 .../external_httpd_authentication.rb               |  1 +
 .../external_httpd_configuration.rb                | 45 +++++++----
 .../external_httpd_authentication_spec.rb          | 90 ++++++++++++++++++++++
 3 files changed, 120 insertions(+), 16 deletions(-)
Comment 4 amogh 2016-11-18 17:16:43 UTC 
Verified this issue in "5.7.0.11-rc1" and the Fix works fine.

in /etc/krb5.conf.d/:

[libdefaults]
  default_realm = <IPA_SERVER_REALM>
  dns_lookup_realm = true
  dns_lookup_kdc = true
Comment 6 errata-xmlrpc 2017-01-04 13:02:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0012.html
Note You need to log in before you can comment on or make changes to this bug.