Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 234309

Summary: cyrus-sasl built without support for sasl_keytab
Product: Red Hat Enterprise Linux 5 Reporter: Nalin Dahyabhai <nalin>
Component: cyrus-saslAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED DEFERRED QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: k.georgiou, ralston
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-05 20:33:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 200892    
Bug Blocks:    

Description Nalin Dahyabhai 2007-03-28 13:20:03 UTC 
+++ This bug was initially created as a clone of Bug #200892 +++

Description of problem:

cyrus-sasl provides the run-time option "sasl_keytab" for kerberos
authentication, if the kerberos libraries have a certain api 
function. This function is present in the libraries, but not correctly
detected by cyrus-sasl's configure, making the libraries ignore the option.
As this option is the only option to supply multiple applications their
own keytab, this is quiet relevant, as the only alternative is to give
the default keytab world read permissons (which would be a major security
hole)

Version-Release number of selected component (if applicable):

cyrus-sasl-2.1.21-10
(but also 2.1.20-5 (fc4) and 2.1.22-3 (rawhide))

Steps to Reproduce:
1. configure a cyrus-imap server, with "sasl_keytab: /etc/cyrus.keytab"
in /etc/imapd.conf
2. put the imap/host@DOMAIN key into /etc/cyrus.keytab, but not into
/etc/krb5.keytab
3. try to use kerbereos with the server. The configured location is ignored.
  
Actual results:

wrong keytab is used.

Expected results:

configured keytab to be used.

Additional info:

A patch for the fc5 release of the package is appended.

-- Additional comment from strecken.uni-passau.de on 2006-08-01
09:15 EST --
Created an attachment (id=133396)
Patch for cyrus-sasl-2.1.21-10


-- Additional comment from nalin on 2007-02-26 17:26 EST --
Rolling this into 2.1.22-6. Thanks!

-- Additional comment from k.georgiou.uk on 2007-02-26 19:40 EST --
Should we clone this for RHEL5 or is it fixed there as well?

-- Additional comment from nalin on 2007-02-26 19:43 EST --
Hmm, definitely not fixed in RHEL 5 (yet).  I'll clone it later this week (along
with the fix for bug #229640) if you don't get to it first.  Thanks!
Comment 2 RHEL Program Management 2007-06-05 20:33:07 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Since this
bugzilla is in a component that is not approved for the current
release, it has been closed with resolution deferred.  You may
reopen this bugzilla for consideration in the next release.
Comment 3 Kostas Georgiou 2007-06-05 23:40:23 UTC 
Huh? cyrus-sasl is part of RHEL5. Nalin can you please reopen this?