Bug 231137 - [PATCH]: use instance-less AFS service tickets
Summary: [PATCH]: use instance-less AFS service tickets
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam_krb5   
(Show other bugs)
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 249558
TreeView+ depends on / blocked
 
Reported: 2007-03-06 14:24 UTC by Jan Iven
Modified: 2018-10-20 00:43 UTC (History)
3 users (show)

Fixed In Version: 2.1.17-7.el4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 20:20:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to add "nullafs" option, "-n" for afs5log (6.44 KB, patch)
2007-03-06 14:24 UTC, Jan Iven
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0987 normal SHIPPED_LIVE pam_krb5 bug fix update 2009-05-18 13:48:11 UTC

Description Jan Iven 2007-03-06 14:24:47 UTC
We see several unsuccessful attempts for AFS service tickets on our KDC per
login, and are trying to reduce these. Our AFS tickets are of the form
"afs@REALM.COM" (i.e. no AFS cell as the instance).

The patch adds a new private option "nullafs" that tells pam_krb5 to not bother
looking for fully-instantiated tickets of the form afs/cell@REALM, and instead
use  afs@REALM directly (otherwise it would fall back to these anyway).
Likewise, afs5log gets an option "-n" that does the same thing.

The attached patch is against 2.2.8-1 (since that is what we use currently), I
can reflow this gainst some different version if this increases the likelihood
of being applied.

Comment 1 Jan Iven 2007-03-06 14:24:59 UTC
Created attachment 149336 [details]
patch to add "nullafs" option, "-n" for afs5log

Comment 2 RHEL Product and Program Management 2007-07-06 18:05:58 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 3 Nalin Dahyabhai 2008-02-15 20:43:42 UTC
The effect that the patch has is already implemented by letting a cell name be
specified along with the principal name of the cell, but I can see it being
somewhat more convenient for the minimal-configuration cases where the module is
figuring out which cells to set tokens for.

Comment 6 Suzanne Yeghiayan 2008-05-28 21:25:47 UTC
Unfortunately this bugzilla was not resolved in time for RHEL 4.7 Beta.
It has now been proposed for inclusion in RHEL 4.8 but must regain Product
Management approval.

Comment 7 RHEL Product and Program Management 2008-09-05 17:09:27 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 12 errata-xmlrpc 2009-05-18 20:20:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0987.html


Note You need to log in before you can comment on or make changes to this bug.