1397871 – The krb5.conf created by net and winbind does not include the system /etc/krb5.conf

Bug 1397871 - The krb5.conf created by net and winbind does not include the system /etc/krb5.conf

Summary: The krb5.conf created by net and winbind does not include the system /etc/krb...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	7.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Andreas Schneider
QA Contact:	Robin Hack
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1399979
TreeView+	depends on / blocked

Reported:	2016-11-23 13:47 UTC by Andreas Schneider
Modified:	2019-12-16 07:25 UTC (History)
CC List:	5 users (show)
Fixed In Version:	samba-4.6.0-0.1.rc3.el7
Doc Type:	Bug Fix
Doc Text:	Cause: Samba doesn't use the default ccache configured in the standard krb5.conf file. Consequence: Samba will not be able to access the credentials stored in the configured default ccache and users are not able to login to services using his tickets. Fix: We include the global krb5.conf to get the default ccache file. Result: Users can authenticate using the default ccache.
Clone Of:
Environment:
Last Closed:	2017-08-01 18:19:59 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:1950	0	normal	SHIPPED_LIVE	Low: samba security, bug fix, and enhancement update	2017-08-01 18:09:24 UTC
Samba Project	12441	0	None	None	None	2016-11-23 13:49:58 UTC

Description Andreas Schneider 2016-11-23 13:47:13 UTC

Description of problem:
The krb5.conf created by 'net' and 'winbind' should include the system /etc/krb5.conf so that we get the system defaults. Currently it doesn't do that and can to lead to some issues if you try to join a domain with Kerberos credentials.

Comment 5 errata-xmlrpc 2017-08-01 18:19:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1950

Note You need to log in before you can comment on or make changes to this bug.