Red Hat Bugzilla – Bug 761317
Please backport s4u2proxy fixes from upstream trunk
Last modified: 2012-02-16 19:58:21 EST
Please apply patches for upstream tickets number: 7046, 7047, 7048 to the krb5 packages.
These patches should apply cleanly to 1.9 and 1.10 without issues.
They are need for an upcoming version of IPA that uses s4u2proxy constrained delegation.
Please note that the upstream committed patch for 7048 is faulty, a fix should be committed shortly and will need to be incorporated as well.
The patches don't just apply to 1.9. I'm going to need a decent way to test the results before I push them in.
The only stuff that exercise this code is FreeIPA tools in master (after Rob's patches will be applied).
Steps to reproduce:
1) install IPA
2) kinit as admin
3) ipa user-show admin
No IPA CLI commands will work without this fix
(In reply to comment #3)
> Steps to reproduce:
> 1) install IPA
> 2) kinit as admin
> 3) ipa user-show admin
> No IPA CLI commands will work without this fix
This command already works without the patch. In which version does IPA grow a dependency on these changes, so that it doesn't work without them? And what distinguishes an error caused by this not working from any other error?
krb5-1.9.2-6.fc16 has been submitted as an update for Fedora 16.
krb5-1.9.2-6.fc15 has been submitted as an update for Fedora 15.
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-1.9.2-6.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
krb5-1.9.2-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.9.2-6.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.