761317 – Please backport s4u2proxy fixes from upstream trunk

Bug 761317 - Please backport s4u2proxy fixes from upstream trunk

Summary: Please backport s4u2proxy fixes from upstream trunk

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	krb5
Sub Component:
Version:	16
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	761523
TreeView+	depends on / blocked

Reported:	2011-12-08 02:53 UTC by Simo Sorce
Modified:	2012-02-17 00:58 UTC (History)
CC List:	3 users (show)
Fixed In Version:	krb5-1.9.2-6.fc15
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	761523 (view as bug list)
Environment:
Last Closed:	2012-02-11 22:04:27 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Simo Sorce 2011-12-08 02:53:58 UTC

Please apply patches for upstream tickets number: 7046, 7047, 7048 to the krb5 packages.

These patches should apply cleanly to 1.9 and 1.10 without issues.

They are need for an upcoming version of IPA that uses s4u2proxy constrained delegation.

Please note that the upstream committed patch for 7048 is faulty, a fix should be committed shortly and will need to be incorporated as well.

Comment 1 Nalin Dahyabhai 2011-12-13 16:32:08 UTC

The patches don't just apply to 1.9.  I'm going to need a decent way to test the results before I push them in.

Comment 2 Simo Sorce 2011-12-13 18:13:07 UTC

The only stuff that exercise this code is FreeIPA tools in master (after Rob's patches will be applied).

Comment 3 Jenny Severance 2012-01-24 16:35:25 UTC

Steps to reproduce:

1) install IPA 
2) kinit as admin
3) ipa user-show admin

No IPA CLI commands will work without this fix

Comment 4 Nalin Dahyabhai 2012-01-30 22:20:12 UTC

(In reply to comment #3)
> Steps to reproduce:
> 
> 1) install IPA 
> 2) kinit as admin
> 3) ipa user-show admin
> 
> No IPA CLI commands will work without this fix

This command already works without the patch.  In which version does IPA grow a dependency on these changes, so that it doesn't work without them?  And what distinguishes an error caused by this not working from any other error?

Comment 7 Fedora Update System 2012-01-31 00:43:19 UTC

krb5-1.9.2-6.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/krb5-1.9.2-6.fc16

Comment 8 Fedora Update System 2012-01-31 00:43:28 UTC

krb5-1.9.2-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/krb5-1.9.2-6.fc15

Comment 9 Fedora Update System 2012-01-31 21:58:52 UTC

Package krb5-1.9.2-6.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-1.9.2-6.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-1067/krb5-1.9.2-6.fc16
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2012-02-11 22:04:27 UTC

krb5-1.9.2-6.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-02-17 00:58:21 UTC

krb5-1.9.2-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.