Bug 447381 - kerberos principal names were in the wrong case
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-server
1.0
All Linux
low Severity low
Assigned To: Rob Crittenden
Chandrasekar Kannan
Depends On:
Blocks: 429034
Reported: 2008-05-19 14:41 EDT by Jaakan Shorter
Modified: 2015-01-04 18:32 EST
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-27 03:14:00 EDT
Attachments
ensure hostname is lower case during install & when adding service principals (3.98 KB, patch)
2008-05-20 10:18 EDT, Rob Crittenden
Description Jaakan Shorter 2008-05-19 14:41:22 EDT
Description of problem:
3 out of 4 kerberos principal names were in the wrong case  

Version-Release number of selected component (if applicable):
ipa-server-1.0.0-6.fc9.x86_64
bind-9.5.0-29.b2.fc9.x86_64
2.6.25-2.fc9.x86_64.xen

How reproducible:
Hardware Dell PE 2850
Raid 5 - 4 x 146Gb
Fedora core 8 Xen Kernel
12Gb ram

Guest is Fedora core 9 ( updated as of May 19 2008 )
1 Vcpu - 1G ram - 10Gb Harddrive image

Steps to Reproduce:
1. give the server a name with caps in it IE: freeIPA.test.net
1. yum install caching-nameserver
2. yum install ipa-server
3. run ipa-server-install --setup-bind -N
4. reboot
5. run ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net" 
  
Actual results:
# ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net" objectclass=krbPrincipalAux dn
dn: krbprincipalname=K/M@TEST.NET,cn=TEST.NET,cn=kerberos,dc=test,dc=
 net

dn: krbprincipalname=krbtgt/TEST.NET@TEST.NET,cn=TEST.NET,cn=kerberos
 ,dc=test,dc=net

dn: krbprincipalname=kadmin/admin@TEST.NET,cn=TEST.NET,cn=kerberos,dc=im
 mport,dc=net

dn: krbprincipalname=kadmin/changepw@TEST.NET,cn=TEST.NET,cn=kerberos,dc
 =test,dc=net

dn: krbprincipalname=kadmin/history@TEST.NET,cn=TEST.NET,cn=kerberos,dc=
 test,dc=net

dn: krbprincipalname=kadmin/freeipa.test.net@TEST.NET,cn=TEST.NET,cn=
 kerberos,dc=test,dc=net

dn: krbprincipalname=ldap/freeIPA.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=host/freeIPA.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=HTTP/freeIPA.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

Expected results:

# ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net" objectclass=krbPrincipalAux dn
dn: krbprincipalname=K/M@TEST.NET,cn=TEST.NET,cn=kerberos,dc=test,dc=
 net

dn: krbprincipalname=krbtgt/TEST.NET@TEST.NET,cn=TEST.NET,cn=kerberos
 ,dc=test,dc=net

dn: krbprincipalname=kadmin/admin@TEST.NET,cn=TEST.NET,cn=kerberos,dc=im
 mport,dc=net

dn: krbprincipalname=kadmin/changepw@TEST.NET,cn=TEST.NET,cn=kerberos,dc
 =test,dc=net

dn: krbprincipalname=kadmin/history@TEST.NET,cn=TEST.NET,cn=kerberos,dc=
 test,dc=net

dn: krbprincipalname=kadmin/freeipa.test.net@TEST.NET,cn=TEST.NET,cn=
 kerberos,dc=test,dc=net

dn: krbprincipalname=ldap/freeipa.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=host/freeipa.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=HTTP/freeipa.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net


Additional info:
Comment 1 Rob Crittenden 2008-05-20 10:18:33 EDT
Created attachment 306126 [details]
ensure hostname is lower case during install & when adding service principals
Comment 2 Rob Crittenden 2008-05-20 15:07:45 EDT
ipa-1-0: e7aa0b6c5e4eb472d09744e4c8c1ed916c5ca1ac
master: fcd3260955f38bda970b6cba16b72b576d727b63
Comment 4 Yi Zhang 2008-12-04 20:28:03 EST
Did 2 tests to verify this scenario

---------------------------
test 1
server32[12/04/08 17:18]~> ipa-addservice CIFS/cIfS.RHQA.Net

server32[12/04/08 17:19]~> /usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "dc=rhqa,dc=net" "" "*" | grep -i "cifs"
dn: krbprincipalname=CIFS/cifs.rhqa.net@RHQA.NET,cn=services,cn=accounts,dc=rh
krbPrincipalName: CIFS/cifs.rhqa.net@RHQA.NET

--------------------------------------
test 2

server32[12/04/08 17:19]~> ipa-addservice otHER/oTHER.RHQA.Net

server32[12/04/08 17:20]~> /usr/lib/mozldap/ldapsearch -D "cn=directory manager" -w redhat123 -s sub -b "dc=rhqa,dc=net" "" "*" | grep -i "OTHER"
description: Limited admins who can edit other users
dn: krbprincipalname=otHER/other.rhqa.net@RHQA.NET,cn=services,cn=accounts,dc=
krbPrincipalName: otHER/other.rhqa.net@RHQA.NET

Please pay special attention to test 2, the krbPrincipalName becomes
otHER/other.rhqa.net@RHQA.NET

Is the "otHER" string supposed to be here?
Please verify this.
Comment 5 Rob Crittenden 2008-12-04 20:43:42 EST
We don't touch the case of the service name. It gets stored as whatever the user passed in. Some service names are upper-case (HTTP) and some are lower-case (host). It is up to the user to specify the right service.
Comment 6 Yi Zhang 2008-12-05 00:51:21 EST
Based on Rob's comment, bug closed.
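
The behaviour settled on in this thread (host part lower-cased, service name stored as typed) together with a check for entries that were stored before the fix, as an added example that is not part of the bug report or the FreeIPA code base. The function names, the constructed LDIF sample and the heuristic for recognising host-based principals are assumptions made for the illustration.

```python
import re

# Constructed sample shaped like the ldapsearch output in this report.
# LDIF folds long lines: a continuation line starts with a single space.
SAMPLE_LDIF = """\
dn: krbprincipalname=krbtgt/TEST.NET@TEST.NET,cn=TEST.NET,cn=kerberos
 ,dc=test,dc=net

dn: krbprincipalname=ldap/freeIPA.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net

dn: krbprincipalname=HTTP/freeipa.test.net@TEST.NET,cn=TEST.NET,cn=ke
 rberos,dc=test,dc=net
"""

PRINCIPAL_RE = re.compile(r"^dn:\s*krbprincipalname=([^,]+),", re.IGNORECASE)


def normalize_service_principal(name, default_realm):
    """Lower-case only the host part; the service name stays as typed."""
    name, _, realm = name.partition("@")
    service, sep, host = name.partition("/")
    if not (sep and service and host):
        raise ValueError("expected service/hostname, got %r" % name)
    return "%s/%s@%s" % (service, host.lower(), realm or default_realm)


def find_mixed_case_hosts(ldif, default_realm):
    """Return (stored, normalized) pairs for host-based principals whose
    stored name differs from its normalized form."""
    findings = []
    for line in ldif.replace("\n ", "").splitlines():  # unfold, then scan
        match = PRINCIPAL_RE.match(line)
        if not match:
            continue
        stored = match.group(1)
        primary, _, instance = stored.partition("@")[0].partition("/")
        # Assumption: a dotted second component is a hostname, except for
        # krbtgt/REALM. This skips K/M, kadmin/admin and similar entries.
        if "." not in instance or primary.lower() == "krbtgt":
            continue
        normalized = normalize_service_principal(stored, default_realm)
        if normalized != stored:
            findings.append((stored, normalized))
    return findings


if __name__ == "__main__":
    for stored, wanted in find_mixed_case_hosts(SAMPLE_LDIF, "TEST.NET"):
        print("%s -> %s" % (stored, wanted))
```

Run against the `dn` output of the ldapsearch command shown in the description, the check lists each stored principal whose host part still carries upper-case letters next to the name it should have.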
