Bug 987479 - libsss_sudo should depend on sudo package with sssd support
Summary: libsss_sudo should depend on sudo package with sssd support
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-23 13:05 UTC by Eduardo Minguez
Modified: 2013-11-21 22:21 UTC (History)
7 users (show)

Fixed In Version: sssd-1.9.2-95.el6
Doc Type: Bug Fix
Doc Text:
Cause: libsss_sudo package didn't require sudo built with SSSD support. Consequence: libsss_sudo package could be installed with sudo version that doesn't work with SSSD. Fix: libsss_sudo package now requires sudo >= 1.8.6p3-6 Result: libsss_sudo can be only installed with sudo that is built with SSSD support.
Clone Of:
Environment:
Last Closed: 2013-11-21 22:21:24 UTC
Target Upstream Version:


Attachments (Terms of Use)
specfile patch (1.29 KB, patch)
2013-07-24 07:11 UTC, Jakub Hrozek
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1680 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2013-11-20 21:52:37 UTC

Description Eduardo Minguez 2013-07-23 13:05:43 UTC
Description of problem:
RHEL6.0 with RHEL6.4 ipa packages installed (libsss_sudo included), and sudo-1.7.2p2-9.el6.x86_64

Configuring /etc/sssd/sssd.conf to use it for sudo rules doesn't work

$ sudo /usr/bin/less
[sudo] password for testuser: 
testuser is not in the sudoers file.  This incident will be reported.

Version-Release number of selected component (if applicable):
sudo-1.7.2p2-9.el6.x86_64
libsss_sudo-1.9.2-82.7.el6_4.x86_64

How reproducible:
Fresh RHEL6.0 + ipa-client (and dependencies) from RHEL6.4 + libsss_sudo from RHEL6.4
Configure sssd for sudo rules against IdM

Steps to Reproduce:
1. Run sudo command allowed

Actual results:
$ sudo /usr/bin/less
[sudo] password for testuser: 
testuser is not in the sudoers file.  This incident will be reported.

Expected results:
$ sudo /usr/bin/less
[sudo] password for testuser: 
Missing filename ("less --help" for help)

Additional info:

Upgrading sudo package to sudo-1.8.6p3-7.el6.x86_64 works fine (I don't know if an older version works too)

/var/sssd/sssd.log with debug_level = 6 (I think the section attached is full, but I'm not sure 100%):

(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_get_account_info] (0x0100): Got request for [3][1][name=testuser]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=testuser)(objectclass=posixAccount))][cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_save_user] (0x0400): Storing info for user testuser
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_has_deref_support] (0x0400): The server supports deref method OpenLDAP
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=posixGroup)(cn=*))][cn=ipausers,cn=groups,cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_initgr_nested_search] (0x0040): Search for group cn=ipausers,cn=groups,cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp, returned 0 results. Skipping
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=posixGroup)(cn=*))][ipauniqueid=9a41b00e-e960-11e2-b437-005056886a0a,cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_initgr_nested_search] (0x0040): Search for group ipauniqueid=9a41b00e-e960-11e2-b437-005056886a0a,cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp, returned 0 results. Skipping
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler] (0x0100): Got request with the following data
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): domain: idm.lvtc.gsnet.corp
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): user: testuser
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): service: sudo
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): ruser: testuser
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): rhost: vmlbcipacl60.lvtc.gsnet.corp
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): authtok size: 12
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): newauthtok size: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): priv: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): cli_pid: 15562
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [check_for_valid_tgt] (0x0080): TGT is valid.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_resolve_server_process] (0x0200): Found address for server vmlbcipal02.idm.lvtc.gsnet.corp: [180.133.135.32] TTL 1200
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [krb5_find_ccache_step] (0x0080): Saved ccache FILE:/tmp/krb5cc_56800003_mbQQFU if of different type than ccache in configuration file, reusing the old ccache
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'vmlbcipal02.idm.lvtc.gsnet.corp' as 'working'
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [set_server_common_status] (0x0100): Marking server 'vmlbcipal02.idm.lvtc.gsnet.corp' as 'working'
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, no one will be deleted.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Sending result [0][idm.lvtc.gsnet.corp]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Sent result [0][idm.lvtc.gsnet.corp]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [child_sig_handler] (0x0100): child [15565] finished successfully.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler] (0x0100): Got request with the following data
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): domain: idm.lvtc.gsnet.corp
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): user: testuser
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): service: sudo
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): ruser: testuser
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): rhost: vmlbcipacl60.lvtc.gsnet.corp
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): authtok type: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): authtok size: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): newauthtok size: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): priv: 0
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [pam_print_data] (0x0100): cli_pid: 15562
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_access_send] (0x0400): Performing access check for user [testuser]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user [testuser]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaHost)(fqdn=vmlbcipacl60.lvtc.gsnet.corp))][cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_x_deref_search_send] (0x0400): Dereferencing entry [fqdn=vmlbcipacl60.lvtc.gsnet.corp,cn=computers,cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp] using OpenLDAP deref
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][fqdn=vmlbcipacl60.lvtc.gsnet.corp,cn=computers,cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_x_deref_parse_entry] (0x0400): Got deref control
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_x_deref_parse_entry] (0x0400): All deref results from a single control parsed
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_hostgroup_info_done] (0x0200): No host groups were dereferenced
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_hbac_service_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp][2][(objectClass=ipaHBACService)]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectClass=ipaHBACService)][cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_hbac_servicegroup_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp][2][(objectClass=ipaHBACServiceGroup)]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_hbac_rule_info_next] (0x0400): Sending request for next search base: [cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=vmlbcipacl60.lvtc.gsnet.corp,cn=computers,cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp)))]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(|(hostCategory=all)(memberHost=fqdn=vmlbcipacl60.lvtc.gsnet.corp,cn=computers,cn=accounts,dc=idm,dc=lvtc,dc=gsnet,dc=corp)))][cn=hbac,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [prueba]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_get_category] (0x0200): Category is set to 'all'.
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [prueba]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_get_selinux_send] (0x0400): Retrieving SELinux user mapping
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_selinux_get_maps_next] (0x0400): Trying to fetch SELinux maps with following parameters: [2][(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=idm,dc=lvtc,dc=gsnet,dc=corp]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipaselinuxusermap)(ipaEnabledFlag=TRUE))][cn=selinux,dc=idm,dc=lvtc,dc=gsnet,dc=corp].
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [ipa_selinux_get_maps_done] (0x0400): No SELinux user maps found!
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success) [Success]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Sending result [0][idm.lvtc.gsnet.corp]
(Tue Jul 23 14:47:32 2013) [sssd[be[idm.lvtc.gsnet.corp]]] [be_pam_handler_callback] (0x0100): Sent result [0][idm.lvtc.gsnet.corp]

Comment 2 Jakub Hrozek 2013-07-23 19:02:22 UTC
I'm not entirely sure about the supportability of running 6.4 SSSD stack on 6.3 RHEL (or with 6.3 sudo), but from purely technical standpoint I agree we should do our best to warn the user.

Because sudo is the initiator of the communication and libsss_sudo is simply dlopen()-ed, not linked against, the SSSD has no other way of enforcing the version than explicit Requires.

Comment 5 Jakub Hrozek 2013-07-24 07:11:33 UTC
Created attachment 777605 [details]
specfile patch

Attached is a candidate patch. I think Requires makes more sense here than Conflicts because when the user installs libsss_sudo, he really needs sudo support, so it makes no sense to avoid configuration with libsss_sudo but without sudo.

The version that the patch Requires was shipped in 6.4 and fixed a number of sssd-related bugs.

Comment 7 Kaushik Banerjee 2013-10-21 06:17:47 UTC
Verified in version 1.9.2-128.el6

Snippet of result from "yum install libsss_sudo"

<snip>

---> Package libsss_sudo.x86_64 0:1.9.2-128.el6 will be installed
--> Processing Dependency: sudo >= 1.8.6p3-6 for package: libsss_sudo-1.9.2-128.el6.x86_64
--> Running transaction check
---> Package sudo.x86_64 0:1.8.6p3-12.el6 will be installed
--> Finished Dependency Resolution

</snip>

Comment 8 errata-xmlrpc 2013-11-21 22:21:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1680.html


Note You need to log in before you can comment on or make changes to this bug.