#6829 IPA client and server installer sets incorrect domain->realm mappings
Opened 7 years ago by dkupka. Modified 5 years ago

In a situation when the host (future client or future server) is not in the IPA domain, the installer adds a mapping of the host's domain to the IPA realm. We know nothing about the host's domain and should not assume all resources there are enrolled to IPA.

Steps to reproduce:

[ipa-srv.example.org] # ipa-server-install -a Secret123 -p Secret123 -r IPA.EXAMPLE.ORG --domain ipa.example.org -U

Actual content of [domain_realm] section of krb5.conf:

.ipa.example.org = IPA.EXAMPLE.ORG
ipa.example.org = IPA.EXAMPLE.ORG
ipa-srv.example.org = IPA.EXAMPLE.ORG
.example.org = IPA.EXAMPLE.ORG
example.org = IPA.EXAMPLE.ORG

Expected content of [domain_realm] section of krb5.conf:

.ipa.example.org = IPA.EXAMPLE.ORG
ipa.example.org = IPA.EXAMPLE.ORG
ipa-srv.example.org = IPA.EXAMPLE.ORG

Additional info:
client-install code: https://pagure.io/freeipa/blob/8960398a57f69c124ec3105289dc355baa0d5b09/f/ipaclient/install/client.py#_730-735
server-install code: https://pagure.io/freeipa/blob/8960398a57f69c124ec3105289dc355baa0d5b09/f/ipaserver/install/krbinstance.py#_227-239
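
A check for the mappings described in this ticket, as an added example that is not part of the original report or of FreeIPA's code: it parses the [domain_realm] section of a krb5.conf and lists keys mapped to the IPA realm that are neither the host itself nor inside the IPA domain. The function names and the [libdefaults] preamble of the sample are assumptions; the sample mappings are the ticket's "actual" content.

```python
# Added example: function names are hypothetical, not FreeIPA APIs.
# SAMPLE is constructed from the "actual" [domain_realm] content in the ticket;
# the [libdefaults] preamble is an assumption added to exercise section parsing.
SAMPLE = """\
[libdefaults]
 default_realm = IPA.EXAMPLE.ORG

[domain_realm]
 .ipa.example.org = IPA.EXAMPLE.ORG
 ipa.example.org = IPA.EXAMPLE.ORG
 ipa-srv.example.org = IPA.EXAMPLE.ORG
 .example.org = IPA.EXAMPLE.ORG
 example.org = IPA.EXAMPLE.ORG
"""


def parse_domain_realm(krb5_conf):
    """Return the key -> realm pairs of the [domain_realm] section, in file order."""
    mappings, in_section = {}, False
    for raw in krb5_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
            continue
        if in_section and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mappings[key.lower()] = realm  # host names are case-insensitive
    return mappings


def overbroad_mappings(krb5_conf, realm, ipa_domain, host_fqdn):
    """List keys mapped to `realm` that cover names outside the IPA domain."""
    ipa_domain, host_fqdn = ipa_domain.lower(), host_fqdn.lower()
    flagged = []
    for key, mapped in parse_domain_realm(krb5_conf).items():
        if mapped != realm:
            continue  # mappings to other realms are out of scope here
        name = key.lstrip(".")  # ".example.org" covers every host under example.org
        inside = name == ipa_domain or name.endswith("." + ipa_domain)
        if not inside and key != host_fqdn:  # only the exact host entry is exempt
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    print(overbroad_mappings(SAMPLE, "IPA.EXAMPLE.ORG",
                             "ipa.example.org", "ipa-srv.example.org"))
```
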


Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7

7 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

5 years ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
