Bug 476009 - Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit
All Linux
Priority: high, Severity: medium
Assigned To: Steve Grubb
Reported: 2008-12-11 10:24 EST by Eduard Benes
Modified: 2010-03-02 03:27 EST (History)
Doc Type: Bug Fix
Last Closed: 2009-01-20 16:57:36 EST

Attachments
Patch attempting to fix the problem (558 bytes, patch)
2008-12-11 10:41 EST, Steve Grubb

Description Eduard Benes 2008-12-11 10:24:21 EST
Description of problem:
When the client side is configured for remote logging, changing only the option 'remote_server', the plugin /sbin/audisp-remote terminates after (re)start of the auditd service with the message:

 'Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf'

Option "enable_krb5" is present in the config by default. So in order to get remote logging to work, it has to be commented out.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure one system to serve as the server for remote logging.
2. Configure the other system as a client, changing only the option 'remote_server' and leaving the enable_krb5 option untouched.
3. Restart auditd service on client. 
Actual results:
No messages logged on the server. Client side /var/log/messages contains:
Dec 11 10:07:08 nec-em15 auditd[22508]: Started dispatcher: /sbin/audispd pid: 22510
Dec 11 10:07:08 nec-em15 audispd: af_unix plugin initialized
Dec 11 10:07:08 nec-em15 audispd: audispd initialized with q_depth=80 and 2 active plugins
Dec 11 10:07:08 nec-em15 audisp-remote: Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Dec 11 10:07:08 nec-em15 kernel: type=1305 audit(1229008028.287:208): audit_pid=22508 old=0 by auid=0 subj=root:system_r:auditd_t:s0

Expected results:
Keyword "enable_krb5" should be recognised or at least commented out.

Additional info:
Kerberos support is disabled in this package version.
Comment 1 Steve Grubb 2008-12-11 10:32:44 EST
The easy fix for this is to comment out the krb5 options in the config file. I have a more extensive fix checked into upstream svn, but commenting out the config options is the simplest way to fix the problem.
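
Added example, not part of the bug report or the audit package: Python that reads the rejection message from the client's syslog and comments out exactly the config line the plugin refused, which is the workaround described above. The function names, the sample config contents and the `keyword = value` line format are assumptions; the audisp-remote log line is the one quoted in the report.

```python
import re

# Error format as it appears in the client's /var/log/messages in this report.
ERR = re.compile(r'audisp-remote: Unknown keyword "(?P<kw>[^"]+)" '
                 r'in line (?P<line>\d+) of (?P<path>\S+)')

def rejected_keywords(syslog_text):
    """Return (keyword, line_number, path) for each rejection the plugin logged."""
    return [(m["kw"], int(m["line"]), m["path"])
            for m in ERR.finditer(syslog_text)]

def comment_out(conf_text, rejections):
    """Comment out only the rejected lines, after confirming that the
    reported line number still sets the reported keyword."""
    lines = conf_text.splitlines()
    changed = []
    for kw, lineno, _path in rejections:
        if not 1 <= lineno <= len(lines):
            continue  # log entry refers to a line the file no longer has
        current = lines[lineno - 1]
        # Assumed syntax: "keyword = value". Already-commented or edited
        # lines do not match and are left alone.
        if re.match(rf'\s*{re.escape(kw)}\s*=', current):
            lines[lineno - 1] = "#" + current
            changed.append(lineno)
    return "\n".join(lines) + "\n", changed

# Log excerpt: first line constructed in the report's style, second quoted from it.
SAMPLE_LOG = (
    'Dec 11 10:07:08 nec-em15 audispd: af_unix plugin initialized\n'
    'Dec 11 10:07:08 nec-em15 audisp-remote: Unknown keyword "enable_krb5" '
    'in line 25 of /etc/audisp/audisp-remote.conf\n'
)

# Constructed config: placeholder server address, filler comment lines,
# and enable_krb5 placed on line 25 to match the log entry.
SAMPLE_CONF = "remote_server = 192.0.2.10\n" + "#\n" * 23 + "enable_krb5 = no\n"

if __name__ == "__main__":
    hits = rejected_keywords(SAMPLE_LOG)
    fixed, changed = comment_out(SAMPLE_CONF, hits)
    for kw, lineno, path in hits:
        state = "commented out" if lineno in changed else "left unchanged"
        print(f"{path}:{lineno}: {kw} {state}")
```

Any hit from `rejected_keywords` means the plugin exited at startup, so the client forwarded no audit records from that point until it was restarted with a config it accepts.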
Comment 2 Steve Grubb 2008-12-11 10:41:15 EST
Created attachment 326631
Patch attempting to fix the problem

This is the proposed fix. It simply comments out a couple config options.

A more extensive fix is here:


but I think we want the conservative fix for now.
Comment 5 Steve Grubb 2008-12-11 12:03:49 EST
audit-1.7.7-6.el5 was built to solve this problem.
Comment 9 errata-xmlrpc 2009-01-20 16:57:36 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

