Red Hat Bugzilla – Bug 476009
Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Last modified: 2010-03-02 03:27:58 EST
Description of problem:
When client side configured for remote logging and changing only option 'remote_server', plugin /sbin/audisp-remote terminates after (re)start of auditd service with message:
'Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf'
Option "enable_krb5" is present in the config by default. So in order to get the remote logging work, it has to be commented out.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure one system so server as server for remote logging.
2. Configure other system as client with changing only option 'remote_server' and leaving enable_krb5 option untouched.
3. Restart auditd service on client.
No messages loggen on the server. Client side /var/log/messages contains:
Dec 11 10:07:08 nec-em15 auditd: Started dispatcher: /sbin/audispd pid: 22510
Dec 11 10:07:08 nec-em15 audispd: af_unix plugin initialized
Dec 11 10:07:08 nec-em15 audispd: audispd initialized with q_depth=80 and 2 active plugins
Dec 11 10:07:08 nec-em15 audisp-remote: Unknown keyword "enable_krb5" in line 25 of /etc/audisp/audisp-remote.conf
Dec 11 10:07:08 nec-em15 kernel: type=1305 audit(1229008028.287:208): audit_pid=22508 old=0 by auid=0 subj=root:system_r:auditd_t:s0
Keyword "enable_krb5" should be recognised or at least commented out.
Kerberos support is disabled in this package version.
The easy fix for this is to comment out the krb5 options in the config file. I have a more extensive fix checked into upstream svn, but commenting out the config options is the simplest way to fix the problem.
Created attachment 326631 [details]
Patch attempting to fix the problem
This is the proposed fix. It simply comments out a couple config options.
A more extensive fix is here:
but I think we want the conservative fix for now.
audit-1.7.7-6.el5 was built to solve this problem.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.