Bug 476009 - Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit (Show other bugs)
5.3
All Linux
high Severity medium
: rc
: ---
Assigned To: Steve Grubb
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-11 10:24 EST by Eduard Benes
Modified: 2010-03-02 03:27 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 16:57:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch attempting to fix the problem (558 bytes, patch)
2008-12-11 10:41 EST, Steve Grubb
no flags Details | Diff

  None (edit)
Description Eduard Benes 2008-12-11 10:24:21 EST
Description of problem:
When client side configured for remote logging and changing only option 'remote_server',  plugin /sbin/audisp-remote terminates after (re)start of auditd service with message:

 'Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf'

Option "enable_krb5" is present in the config by default. So in order to get the remote logging work, it has to be commented out.

Version-Release number of selected component (if applicable):
audit-1.7.7-5.el5
audispd-plugins-1.7.7-5.el5

How reproducible:

Steps to Reproduce:
1. Configure one system so server as server for remote logging.
2. Configure other system as client with changing only option 'remote_server' and leaving enable_krb5 option untouched. 
3. Restart auditd service on client. 
  
Actual results:
No messages loggen on the server. Client side /var/log/messages contains:
<snip>
...
Dec 11 10:07:08 nec-em15 auditd[22508]: Started dispatcher: /sbin/audispd pid: 22510
Dec 11 10:07:08 nec-em15 audispd: af_unix plugin initialized
Dec 11 10:07:08 nec-em15 audispd: audispd initialized with q_depth=80 and 2 active plugins
Dec 11 10:07:08 nec-em15 audisp-remote: Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Dec 11 10:07:08 nec-em15 kernel: type=1305 audit(1229008028.287:208): audit_pid=22508 old=0 by auid=0 subj=root:system_r:auditd_t:s0
</snip>

Expected results:
Keyword "enable_krb5" should be recognised or at least commented out.

Additional info:
Kerberos support is disabled in this package version.
Comment 1 Steve Grubb 2008-12-11 10:32:44 EST
The easy fix for this is to comment out the krb5 options in the config file. I have a more extensive fix checked into upstream svn, but commenting out the config options is the simplest way to fix the problem.
Comment 2 Steve Grubb 2008-12-11 10:41:15 EST
Created attachment 326631 [details]
Patch attempting to fix the problem

This is the proposed fix. It simply comments out a couple config options.

A more extensive fix is here:

https://fedorahosted.org/audit/changeset/204

but I think we want the conservative fix for now.
Comment 5 Steve Grubb 2008-12-11 12:03:49 EST
audit-1.7.7-6.el5 was built to solve this problem.
Comment 9 errata-xmlrpc 2009-01-20 16:57:36 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0199.html

Note You need to log in before you can comment on or make changes to this bug.