Bug 1683578 - sssd_krb5_locator_plugin introduces delay in cifs.upcall krb5 calls [rhel-7.6.z]
Summary: sssd_krb5_locator_plugin introduces delay in cifs.upcall krb5 calls [rhel-7.6.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: sssd-qe
URL:
Whiteboard:
Depends On: 1672527
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-27 09:22 UTC by RAD team bot copy to z-stream
Modified: 2022-03-13 17:02 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1672527
Environment:
Last Closed: 2019-04-23 14:28:24 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 4932 0 None None None 2020-05-04 11:08:44 UTC
Red Hat Product Errata RHBA-2019:0816 0 None None None 2019-04-23 14:28:26 UTC

Description RAD team bot copy to z-stream 2019-02-27 09:22:28 UTC 
This bug has been copied from bug #1672527 and has been proposed to be backported to 7.6 z-stream (EUS).
Comment 6 Niranjan Mallapadi Raghavender 2019-04-10 12:37:57 UTC 
Reproducing the Issue:
=====================
sssd-libwbclient-1.16.2-13.el7.x86_64
sssd-krb5-common-1.16.2-13.el7.x86_64
sssd-ldap-1.16.2-13.el7.x86_64
sssd-proxy-1.16.2-13.el7.x86_64
sssd-tools-1.16.2-13.el7.x86_64
sssd-client-1.16.2-13.el7.x86_64
sssd-common-1.16.2-13.el7.x86_64
sssd-common-pac-1.16.2-13.el7.x86_64
sssd-krb5-1.16.2-13.el7.x86_64
sssd-dbus-1.16.2-13.el7.x86_64
sssd-1.16.2-13.el7.x86_64
sssd-kcm-1.16.2-13.el7.x86_64
python-sssdconfig-1.16.2-13.el7.noarch
sssd-ad-1.16.2-13.el7.x86_64
sssd-ipa-1.16.2-13.el7.x86_64

1. Configure sssd to use ldap provider and krb5 authentication For Users to login 

[sssd]
domains = sssd2016.com
config_file_version = 2
services = nss, pam

[domain/sssd2016.com]
krb5_realm = SSSD2016.COM
id_provider = ldap
chpass_provider = krb5
cache_credentials = True
ldap_uri = ldap://mars.sssd2016.com
ldap_search_base = DC=sssd2016,DC=COM
cache_credentials = False
ldap_referrals = False
id_provider = ldap
ldap_schema = ad
ldap_force_upper_case_realm = true
ldap_id_mapping = true
ldap_sasl_mech = gssapi
ldap_account_expire_policy = ad
ldap_use_tokengroups = true
auth_provider = krb5
ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem
krb5_store_password_if_offline = True
default_shell = /bin/bash
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
debug_level = 9

3. Cat /etc/krb5.conf
[root@sparks ~]# cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

 default_realm = SSSD2016.COM
[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

 SSSD2016.COM = {
 }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
 sssd2016.com = SSSD2016.COM
 .sssd2016.com = SSSD2016.COM
[root@sparks ~]# 



2. Login as AD user using ssh so that kdcinfo.<DOMAIN> and kpasswd.<DOMAIN> files are created
under /var/lib/sss/pubconf

/var/lib/sss/pubconf
[root@sparks pubconf]# ll
total 8
-rw-r--r--. 1 root root 16 Apr 10 08:27 kdcinfo.SSSD2016.COM
-rw-r--r--. 1 root root 17 Apr 10 08:15 kpasswdinfo.SSSD2016.COM
drwxr-xr-x. 2 sssd sssd 87 Sep  5  2018 krb5.include.d


3. From another terminal as root user run the below kinit command

env SSSD_KRB5_LOCATOR_DEBUG=1 KRB5_TRACE=/dev/stdout kinit Administrator

when prompted for password specify a wrong or no password to check if the port
464 

root@sparks ~]# env SSSD_KRB5_LOCATOR_DEBUG=1 KRB5_TRACE=/dev/stdout kinit Administrator
[27555] 1554898748.181016: Getting initial credentials for Administrator
[27555] 1554898748.181018: Sending unauthenticated request
[27555] 1554898748.181019: Sending request (200 bytes) to SSSD2016.COM
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27555] 1554898748.181020: Initiating TCP connection to stream 10.65.207.18:88
[27555] 1554898748.181021: Sending TCP request to stream 10.65.207.18:88
[27555] 1554898748.181022: Received answer (157 bytes) from stream 10.65.207.18:88
[27555] 1554898748.181023: Terminating TCP connection to stream 10.65.207.18:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:464] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27555] 1554898748.181024: Response was not from master KDC
[27555] 1554898748.181025: Received error from KDC: -1765328359/Additional pre-authentication required
[27555] 1554898748.181028: Preauthenticating using KDC method data
[27555] 1554898748.181029: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)
[27555] 1554898748.181030: Selected etype info: etype rc4-hmac, salt "", params ""
Password for Administrator:
[27555] 1554898751.324171: AS key obtained for encrypted timestamp: rc4-hmac/A247
[27555] 1554898751.324173: Encrypted timestamp (for 1554898751.707740): plain 301AA011180F32303139303431303132313931315AA10502030ACC9C, encrypted FC89D373AF3534165D28F2AE73E72B86214AEDEFEDBB216AB28508E87CA238A83A0EF767C10B1AC6E9FAE3605F88288D8865368C
[27555] 1554898751.324174: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[27555] 1554898751.324175: Produced preauth for next request: PA-ENC-TIMESTAMP (2)
[27555] 1554898751.324176: Sending request (276 bytes) to SSSD2016.COM
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27555] 1554898751.324177: Initiating TCP connection to stream 10.65.207.18:88
[27555] 1554898751.324178: Sending TCP request to stream 10.65.207.18:88
[27555] 1554898751.324179: Received answer (1526 bytes) from stream 10.65.207.18:88
[27555] 1554898751.324180: Terminating TCP connection to stream 10.65.207.18:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:464] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27555] 1554898751.324181: Response was not from master KDC
[27555] 1554898751.324182: Salt derived from principal: SSSD2016.COMAdministrator
[27555] 1554898751.324183: AS key determined by preauth: rc4-hmac/A247
[27555] 1554898751.324184: Decrypted AS reply; session key is: aes256-cts/EF66
[27555] 1554898751.324185: FAST negotiation: unavailable
[27555] 1554898751.324186: Initializing KEYRING:persistent:0:0 with default princ Administrator
[27555] 1554898751.324187: Storing Administrator -> krbtgt/SSSD2016.COM in KEYRING:persistent:0:0
[27555] 1554898751.324188: Storing config in KEYRING:persistent:0:0 for krbtgt/SSSD2016.COM: pa_type: 2
[27555] 1554898751.324189: Storing Administrator -> krb5_ccache_conf_data/pa_type/krbtgt\/SSSD2016.COM\@SSSD2016.COM@X-CACHECONF: in KEYRING:persistent:0:0
[root@sparks ~]# env SSSD_KRB5_LOCATOR_DEBUG=1 KRB5_TRACE=/dev/stdout kinit Administrator
[27556] 1554898759.377230: Getting initial credentials for Administrator
[27556] 1554898759.377232: Sending unauthenticated request
[27556] 1554898759.377233: Sending request (200 bytes) to SSSD2016.COM
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27556] 1554898759.377234: Initiating TCP connection to stream 10.65.207.18:88
[27556] 1554898759.377235: Sending TCP request to stream 10.65.207.18:88
[27556] 1554898759.377236: Received answer (157 bytes) from stream 10.65.207.18:88
[27556] 1554898759.377237: Terminating TCP connection to stream 10.65.207.18:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:464] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27556] 1554898759.377238: Response was not from master KDC
[27556] 1554898759.377239: Received error from KDC: -1765328359/Additional pre-authentication required
[27556] 1554898759.377242: Preauthenticating using KDC method data
[27556] 1554898759.377243: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)
[27556] 1554898759.377244: Selected etype info: etype rc4-hmac, salt "", params ""
Password for Administrator:
[27556] 1554898760.652839: AS key obtained for encrypted timestamp: rc4-hmac/4EE8
[27556] 1554898760.652841: Encrypted timestamp (for 1554898761.43279): plain 301AA011180F32303139303431303132313932315AA105020300A90F, encrypted 693DCFAEED27C776A547C57E0E3444F0801A0570D9EBDC14648BB96278A912FF810E8C65CE06DB72ADD90240DDF90033459ACF0E
[27556] 1554898760.652842: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[27556] 1554898760.652843: Produced preauth for next request: PA-ENC-TIMESTAMP (2)
[27556] 1554898760.652844: Sending request (276 bytes) to SSSD2016.COM
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27556] 1554898760.652845: Initiating TCP connection to stream 10.65.207.18:88
[27556] 1554898760.652846: Sending TCP request to stream 10.65.207.18:88
[27556] 1554898761.718373: Received answer (122 bytes) from stream 10.65.207.18:88
[27556] 1554898761.718374: Terminating TCP connection to stream 10.65.207.18:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:464] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27556] 1554898761.718375: Response was not from master KDC
[27556] 1554898761.718376: Received error from KDC: -1765328360/Preauthentication failed
[27556] 1554898761.718379: Preauthenticating using KDC method data
[27556] 1554898761.718380: Processing preauth types: PA-ETYPE-INFO2 (19)
[27556] 1554898761.718381: Selected etype info: etype rc4-hmac, salt "", params ""
[27556] 1554898761.718382: Retrying AS request with master KDC
[27556] 1554898761.718383: Getting initial credentials for Administrator
[27556] 1554898761.718385: Sending unauthenticated request
[27556] 1554898761.718386: Sending request (200 bytes) to SSSD2016.COM (master)
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:464] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:464] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[27556] 1554898761.718387: Initiating TCP connection to stream 10.65.207.18:464
[27556] 1554898761.718388: Sending TCP request to stream 10.65.207.18:464
[27556] 1554898762.200747: Terminating TCP connection to stream 10.65.207.18:464
[27556] 1554898762.200748: Sending initial UDP request to dgram 10.65.207.18:464
[27556] 1554898765.203935: Sending retry UDP request to dgram 10.65.207.18:464
[27556] 1554898770.209022: Sending retry UDP request to dgram 10.65.207.18:464
kinit: Password incorrect while getting initial credentials

As seen above sssd_krb5_locator plugin tries AD server on port 464 . 


Update the sssd to below versions:

sssd-ipa-1.16.2-13.el7_6.7.x86_64
sssd-proxy-1.16.2-13.el7_6.7.x86_64
sssd-client-1.16.2-13.el7_6.7.x86_64
python-sssdconfig-1.16.2-13.el7_6.7.noarch
sssd-common-1.16.2-13.el7_6.7.x86_64
sssd-common-pac-1.16.2-13.el7_6.7.x86_64
sssd-ad-1.16.2-13.el7_6.7.x86_64
sssd-krb5-1.16.2-13.el7_6.7.x86_64
sssd-1.16.2-13.el7_6.7.x86_64
sssd-krb5-common-1.16.2-13.el7_6.7.x86_64
sssd-ldap-1.16.2-13.el7_6.7.x86_64


Restart sssd and Run the above kinit command

[root@qe-blade-14 pubconf]# env SSSD_KRB5_LOCATOR_DEBUG=1 KRB5_TRACE=/dev/stdout kinit Administrator
[26280] 1554899579.642990: Getting initial credentials for Administrator
[26280] 1554899579.642992: Sending unauthenticated request
[26280] 1554899579.642993: Sending request (200 bytes) to SSSD2016.COM
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[26280] 1554899579.642994: Initiating TCP connection to stream 10.65.207.18:88
[26280] 1554899579.642995: Sending TCP request to stream 10.65.207.18:88
[26280] 1554899580.128031: Received answer (157 bytes) from stream 10.65.207.18:88
[26280] 1554899580.128032: Terminating TCP connection to stream 10.65.207.18:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[26280] 1554899580.128033: Response was from master KDC
[26280] 1554899580.128034: Received error from KDC: -1765328359/Additional pre-authentication required
[26280] 1554899580.128037: Preauthenticating using KDC method data
[26280] 1554899580.128038: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)
[26280] 1554899580.128039: Selected etype info: etype rc4-hmac, salt "", params ""
Password for Administrator:
[26280] 1554899582.293153: AS key obtained for encrypted timestamp: rc4-hmac/4EE8
[26280] 1554899582.293155: Encrypted timestamp (for 1554899582.204260): plain 301AA011180F32303139303431303132333330325AA1050203031DE4, encrypted 76CFD1F609AC0F1AB294F2CA5B04379C69960E3332B17E22CEB10709DD201BF5F06B2776F4ECE062225328CF514D10801A259B64
[26280] 1554899582.293156: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[26280] 1554899582.293157: Produced preauth for next request: PA-ENC-TIMESTAMP (2)
[26280] 1554899582.293158: Sending request (276 bytes) to SSSD2016.COM
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[2] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[2]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[1]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[26280] 1554899582.293159: Initiating TCP connection to stream 10.65.207.18:88
[26280] 1554899582.293160: Sending TCP request to stream 10.65.207.18:88
[26280] 1554899582.293161: Received answer (122 bytes) from stream 10.65.207.18:88
[26280] 1554899582.293162: Terminating TCP connection to stream 10.65.207.18:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] Found [10.65.207.18][88].
[sssd_krb5_locator] Found [10.65.207.18][464].
[sssd_krb5_locator] sssd_realm[SSSD2016.COM] requested realm[SSSD2016.COM] family[0] socktype[1] locate_service[2]
[sssd_krb5_locator] addr[10.65.207.18:88] family[2] socktype[1]
[sssd_krb5_locator] [10.65.207.18] used
[sssd_krb5_locator] sssd_krb5_locator_close called
[26280] 1554899582.293163: Response was from master KDC
[26280] 1554899582.293164: Received error from KDC: -1765328360/Preauthentication failed
[26280] 1554899582.293167: Preauthenticating using KDC method data
[26280] 1554899582.293168: Processing preauth types: PA-ETYPE-INFO2 (19)
[26280] 1554899582.293169: Selected etype info: etype rc4-hmac, salt "", params ""
kinit: Password incorrect while getting initial credentials
[

As we can see sssd_krb5_locator plugin doesn't retry the AD server ip on port 464 and tries to connect on port 88.
Comment 8 errata-xmlrpc 2019-04-23 14:28:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0816
Note You need to log in before you can comment on or make changes to this bug.