Description of problem:
libcurl upstream dropped support for delegating Kerberos tickets. This was
applied to EL6 in bug https://bugzilla.redhat.com/show_bug.cgi?id=711454
certmonger needs to be able to delegate tickets via XML-RPC to authenticate with IPA using xmlrpc-c.
Bug https://bugzilla.redhat.com/show_bug.cgi?id=719938 was created to add a new API to libcurl to do delegation.
Bug https://bugzilla.redhat.com/show_bug.cgi?id=719945 was created to add a new API to xmlrpc-c to utilize this delegation feature.
certmonger needs to be updated to use the new xmlrpc-c API.
Version-Release number of selected component (if applicable):
It looks like the currently-proposed patch requires us to set "gss_delegate" to 1 in the right xmlrpc_curl_xportparms structure that we pass to xmlrpc_client_create(). We'll need to have the patch added to the xmlrpc-c package (preferably after it's integrated into upstream's tree) and to have that updated version of xmlrpc-c tagged into the buildroot before we can build a fixed certmonger.
I can make the code changes in certmonger before that, but they can't be tested properly without an xmlrpc-c. Making the xmlrpc-c bug block this one.
ipa-client-install --domain=testrelm --realm=TESTRELM -p admin -w Secret123 -U
Discovery was successful!
DNS Domain: testrelm
IPA Server: ipaqavme.testrelm
Enrolled in IPA realm TESTRELM
Configured /etc/krb5.conf for IPA realm TESTRELM
Warning: Hostname (hp-dl380g6-01.testrelm) not found in DNS
DNS server record set to: hp-dl380g6-01.testrelm -> 10.16.65.39
Kerberos 5 enabled
Client configuration complete.
[root@hp-dl380g6-01 ~]# kinit admin
Password for admin@TESTRELM:
[root@hp-dl380g6-01 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@TESTRELM
Valid starting     Expires            Service principal
09/21/11 11:38:40  09/22/11 11:38:36  krbtgt/TESTRELM@TESTRELM
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.