Issue #5912: Installing freeipa client breaks crypto-policies for krb5 - freeipa

freeipa

#5912 Installing freeipa client breaks crypto-policies for krb5

Closed: Fixed None Opened 7 years ago by mbasti.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1336927

During install, freeipa overwrites the system krb5 with its own.  However, in
order to enable crypto-policies support for krb5, the default krb5 contains
`includedir /etc/krb5.conf.d/` (and the crypto policies file is linked in to
that directory).

This directory is not present in krb5.conf after installing a client.  I do see
the line `/var/lib/sss/pubconf/krb5.include.d/` at the top, so I'm not sure
whether the intent is to unify these directories in some way or whether the
krb5.conf.d removal is accidental.

mbasti commented 7 years ago

JFTR: Related ticket (proper fix) - #5913

mbasti commented 7 years ago

master:

2026677 Added krb5.conf.d/ to included dirs in krb5.conf

Metadata Update from @mbasti:
- Issue assigned to stlaz
- Issue set to the milestone: FreeIPA 4.4

7 years ago

Metadata

Assignee

stlaz

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.4

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1336927

tester

None

changelog

None

design

None

freeipa

Source Code

#5912 Installing freeipa client breaks crypto-policies for krb5 Closed: Fixed None Opened 7 years ago by mbasti.

Metadata

#5912 Installing freeipa client breaks crypto-policies for krb5

Closed: Fixed None Opened 7 years ago by mbasti.