Bug 872707 – ipa-server dependency on krb5-server is not adequate

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 872707 - ipa-server dependency on krb5-server is not adequate

Summary:	ipa-server dependency on krb5-server is not adequate

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	6.3
Hardware:	Unspecified Unspecified

Priority	medium Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Rob Crittenden
QA Contact:	Namita Soman
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-11-02 15:18 EDT by Rob Crittenden
Modified:	2013-02-21 04:29 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	ipa-3.0.0-8.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-02-21 04:29:36 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0528	normal	SHIPPED_LIVE	Low: ipa security, bug fix and enhancement update	2013-02-21 03:22:21 EST

Groups: None (edit)

Description Rob Crittenden 2012-11-02 15:18:32 EDT

Description of problem:

The ipa-server dependency on krb5-server is that it is >= a specific version. The problem is that krb5 backend plugins are not necessarily ABI compatible between versions, so we also need something like:

Requires: krb5-server >= x.y
Requires: krb5-server < x.y+1

Comment 1 Martin Kosek 2012-11-06 10:38:35 EST

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3241

Comment 2 Martin Kosek 2012-11-08 03:48:23 EST

Fixed upstream:

master: https://fedorahosted.org/freeipa/changeset/f1ce31486c3032e92780421164a2e12a56693075/
ipa-3-0: https://fedorahosted.org/freeipa/changeset/18c3affb3ad5b6c5e3a123080badc812a7e20444/

Comment 4 Jenny Galipeau 2012-11-20 15:14:58 EST

Can you please add steps to verify this bug?
Thanks!

Comment 5 Rob Crittenden 2012-11-20 15:31:41 EST

To verify you'd need to try to install a krb5-server package >= 1.11 and or one <= 1.10. There currently isn't a 1.11 package AFAIK.

Comment 7 Michael Gregg 2013-01-29 21:56:03 EST

To verify this one, would it not be sufficient to just query the rpm to see what it requires?

rpm -q --requires ipa-server gives:
krb5-server >= 1.10
krb5-server < 1.11

I ran this against:
ipa-server-3.0.0-9.el6.x86_64

Comment 8 Rob Crittenden 2013-01-30 09:23:09 EST

Yes, that is fine too.

Comment 9 Michael Gregg 2013-01-30 16:13:12 EST

Thank you for the clarification.

Verified against ipa-server-3.0.0-9.el6.x86_64

Comment 11 errata-xmlrpc 2013-02-21 04:29:36 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.