Bug 1464831 - About the procedure to use gssftp service
About the procedure to use gssftp service
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-System_Level_Authentication_Guide (Show other bugs)
7.3
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Filip Hanzelka
ipa-qe
: Documentation
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-25 21:59 EDT by ddu
Modified: 2017-11-20 08:02 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-20 08:02:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description ddu 2017-06-25 21:59:57 EDT
Document URL: 

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/Configuring_a_Kerberos_5_Client.html

Section Number and Name: 

11.3. CONFIGURING A KERBEROS CLIENT

Describe the issue: 

In the section 11.3, the doc says [To use other Kerberos-aware network services, install the krb5-server package and start the services. The Kerberos-aware services are listed in Table 11.3, “Common Kerberos-aware Services”.]

But customer complaints that krb5-server package doesn't provide the related service file(like gssftp) in "table 11.3".

Suggestions for improvement: 

Actually in RHEL7, gssftp is provided by krb5-appl-servers package in epel channel.

It would be better to mention that in the documentation.

Additional information: 

This problem is the same in RHEL6.
Comment 3 Robbie Harwood 2017-10-26 11:02:24 EDT
Oh boy.  We really shouldn't be recommending any of the things provided by krb5-appl, not only because they're from EPEL and we shouldn't recommend those, but also because most of them have a very outdated view of security.  Users should use tools like ssh, etc. instead.

I removed krb5-appl in Fedora 27 ( https://bugzilla.redhat.com/show_bug.cgi?id=1474829 ), and we very intentionally don't ship these in rhel7 already.

Note You need to log in before you can comment on or make changes to this bug.