Bug 857049 - [RHEL5] IPA allows clients named localhost.localdomain, they should be refused
[RHEL5] IPA allows clients named localhost.localdomain, they should be refused
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipa-client (Show other bugs)
5.9
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
:
Depends On: 753526
Blocks: 756082
  Show dependency treegraph
 
Reported: 2012-09-13 09:11 EDT by Scott Poore
Modified: 2013-11-08 03:19 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 753526
Environment:
Last Closed: 2013-11-08 03:19:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Scott Poore 2012-09-13 09:11:42 EDT
+++ This bug was initially created as a clone of Bug #753526 +++

ipa-client --install should refuse to join a machine named localhost (localhost.localdomain) to the domain as this is a 'special' name that indicates that the hostname of the server has not been set and is not for use in a network environment.

--- Additional comment from pm-rhel@redhat.com on 2011-11-13 00:12:45 EST ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from mkosek@redhat.com on 2011-11-14 03:14:58 EST ---

Not a blocking issue, moving to 6.3.0

--- Additional comment from pm-rhel@redhat.com on 2011-11-15 08:08:57 EST ---

Since the release flag was set to ? after the pm_ack flag was set to + (was likely set for the previous release), the pm_ack flag has been reset to ? by the bugbot (pm-rhel). This action ensures the proper review by Product Management.

--- Additional comment from rcritten@redhat.com on 2011-11-15 10:38:58 EST ---

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2112

--- Additional comment from rcritten@redhat.com on 2012-01-23 15:12:00 EST ---

fixed upstream:

master: f7b4eb6a0918c0b73d4b98f47dcd76fa4e8072f5

ipa-2-2: bf32ed8bf0917e1e029f9488090944143cd2dc68

--- Additional comment from errata-xmlrpc@redhat.com on 2012-02-14 10:30:09 EST ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHEA-2012:12631-01
http://errata.devel.redhat.com/errata/show/12631

--- Additional comment from mkosek@redhat.com on 2012-04-19 08:24:02 EDT ---

Tech note not needed - limited impact.

--- Additional comment from mkosek@redhat.com on 2012-04-19 08:24:02 EDT ---


    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

--- Additional comment from ksiddiqu@redhat.com on 2012-05-02 02:06:38 EDT ---

Verified.

ipa-client-version:
[root@dhcp201-113 ~]# rpm -q ipa-client
ipa-client-2.2.0-11.el6.x86_64
[root@dhcp201-113 ~]#


[root@dhcp201-113 ~]# hostname
localhost.localdomain
[root@dhcp201-113 ~]#

[root@dhcp201-113 ~]# ipa-client-install -p admin -w Secret123 -U
Invalid hostname, 'localhost.localdomain' must not be used.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
[root@dhcp201-113 ~]#

--- Additional comment from errata-xmlrpc@redhat.com on 2012-06-19 10:56:17 EDT ---

Bug report changed to RELEASE_PENDING status by Errata System.
Advisory RHBA-2012:0819-04 has been changed to PUSH_READY status.
http://errata.devel.redhat.com/errata/show/12631

--- Additional comment from errata-xmlrpc@redhat.com on 2012-06-20 09:17:18 EDT ---

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Comment 1 Scott Poore 2012-09-13 09:15:29 EDT
I'm seeing the same thing on RHEL5 so I made this clone since the fix does not yet exist in RHEL5 as of version:  ipa-client-2.1.3-4.el5

# rpm -q ipa-client
ipa-client-2.1.3-4.el5

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.9 Beta (Tikanga)

# hostname localhost.localdomain

# ipa-client-install --domain=$DOMAIN --realm=$RELM -p $ADMINID -w $ADMINPW --unattended --server=$MASTER
Discovery was successful!
Hostname: localhost.localdomain
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: vm4.testrelm.com
BaseDN: dc=testrelm,dc=com


Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Unable to parse existing SSSD config. As option --preserve-sssd was not specified, new config will override the old one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
root        : ERROR    Unable to parse existing SSSD config and --preserve-sssd was not specified: [Errno 2] No such file or directory: '/etc/sssd/sssd.conf'
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
SSSD enabled
NTP enabled
Client configuration complete.
Comment 2 Martin Kosek 2012-11-13 04:53:37 EST
Moving to POST as this is already fixed upstream:

fixed upstream:

master: f7b4eb6a0918c0b73d4b98f47dcd76fa4e8072f5

ipa-2-2: bf32ed8bf0917e1e029f9488090944143cd2dc68
Comment 3 Martin Kosek 2013-11-08 03:19:17 EST
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.

If this bug is critical to production systems, please contact your Red Hat
support representative and provide sufficient business justification.

This issue is already fixed in ipa-client in RHEL-6.3.

Note You need to log in before you can comment on or make changes to this bug.