#5912 Installing freeipa client breaks crypto-policies for krb5
Closed: Fixed None Opened 3 years ago by mbasti.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1336927

During install, freeipa overwrites the system krb5 with its own.  However, in
order to enable crypto-policies support for krb5, the default krb5 contains
`includedir /etc/krb5.conf.d/` (and the crypto policies file is linked in to
that directory).

This directory is not present in krb5.conf after installing a client.  I do see
the line `/var/lib/sss/pubconf/krb5.include.d/` at the top, so I'm not sure
whether the intent is to unify these directories in some way or whether the
krb5.conf.d removal is accidental.

JFTR: Related ticket (proper fix) - #5913

master:

  • 2026677 Added krb5.conf.d/ to included dirs in krb5.conf

Metadata Update from @mbasti:
- Issue assigned to stlaz
- Issue set to the milestone: FreeIPA 4.4

3 years ago

Login to comment on this ticket.

Metadata