Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 857049

Summary: [RHEL5] IPA allows clients named localhost.localdomain, they should be refused
Product: Red Hat Enterprise Linux 5 Reporter: Scott Poore <spoore>
Component: ipa-clientAssignee: Rob Crittenden <rcritten>
Status: CLOSED WONTFIX QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.9CC: cvantuin, jgalipea, ksiddiqu, mkosek, nsoman
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 753526 Environment:
Last Closed: 2013-11-08 08:19:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 753526    
Bug Blocks: 756082    

Description Scott Poore 2012-09-13 13:11:42 UTC 
+++ This bug was initially created as a clone of Bug #753526 +++

ipa-client --install should refuse to join a machine named localhost (localhost.localdomain) to the domain as this is a 'special' name that indicates that the hostname of the server has not been set and is not for use in a network environment.

--- Additional comment from pm-rhel on 2011-11-13 00:12:45 EST ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from mkosek on 2011-11-14 03:14:58 EST ---

Not a blocking issue, moving to 6.3.0

--- Additional comment from pm-rhel on 2011-11-15 08:08:57 EST ---

Since the release flag was set to ? after the pm_ack flag was set to + (was likely set for the previous release), the pm_ack flag has been reset to ? by the bugbot (pm-rhel). This action ensures the proper review by Product Management.

--- Additional comment from rcritten on 2011-11-15 10:38:58 EST ---

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2112

--- Additional comment from rcritten on 2012-01-23 15:12:00 EST ---

fixed upstream:

master: f7b4eb6a0918c0b73d4b98f47dcd76fa4e8072f5

ipa-2-2: bf32ed8bf0917e1e029f9488090944143cd2dc68

--- Additional comment from errata-xmlrpc on 2012-02-14 10:30:09 EST ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHEA-2012:12631-01
http://errata.devel.redhat.com/errata/show/12631

--- Additional comment from mkosek on 2012-04-19 08:24:02 EDT ---

Tech note not needed - limited impact.

--- Additional comment from mkosek on 2012-04-19 08:24:02 EDT ---


    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

--- Additional comment from ksiddiqu on 2012-05-02 02:06:38 EDT ---

Verified.

ipa-client-version:
[root@dhcp201-113 ~]# rpm -q ipa-client
ipa-client-2.2.0-11.el6.x86_64
[root@dhcp201-113 ~]#


[root@dhcp201-113 ~]# hostname
localhost.localdomain
[root@dhcp201-113 ~]#

[root@dhcp201-113 ~]# ipa-client-install -p admin -w Secret123 -U
Invalid hostname, 'localhost.localdomain' must not be used.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
[root@dhcp201-113 ~]#

--- Additional comment from errata-xmlrpc on 2012-06-19 10:56:17 EDT ---

Bug report changed to RELEASE_PENDING status by Errata System.
Advisory RHBA-2012:0819-04 has been changed to PUSH_READY status.
http://errata.devel.redhat.com/errata/show/12631

--- Additional comment from errata-xmlrpc on 2012-06-20 09:17:18 EDT ---

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Comment 1 Scott Poore 2012-09-13 13:15:29 UTC 
I'm seeing the same thing on RHEL5 so I made this clone since the fix does not yet exist in RHEL5 as of version:  ipa-client-2.1.3-4.el5

# rpm -q ipa-client
ipa-client-2.1.3-4.el5

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.9 Beta (Tikanga)

# hostname localhost.localdomain

# ipa-client-install --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --unattended --server=$MASTER
Discovery was successful!
Hostname: localhost.localdomain
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: vm4.testrelm.com
BaseDN: dc=testrelm,dc=com


Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Unable to parse existing SSSD config. As option --preserve-sssd was not specified, new config will override the old one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
root        : ERROR    Unable to parse existing SSSD config and --preserve-sssd was not specified: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf'
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
SSSD enabled
NTP enabled
Client configuration complete.
Comment 2 Martin Kosek 2012-11-13 09:53:37 UTC 
Moving to POST as this is already fixed upstream:

fixed upstream:

master: f7b4eb6a0918c0b73d4b98f47dcd76fa4e8072f5

ipa-2-2: bf32ed8bf0917e1e029f9488090944143cd2dc68
Comment 3 Martin Kosek 2013-11-08 08:19:17 UTC 
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.

If this bug is critical to production systems, please contact your Red Hat
support representative and provide sufficient business justification.

This issue is already fixed in ipa-client in RHEL-6.3.