#7875 The /etc/krb5.conf does not get upgraded
Opened 4 months ago by adelton. Modified 4 months ago

Issue

While investigating https://github.com/freeipa/freeipa-container/issues/252, I've found out that /etc/krb5.conf on a container upgraded from older versions has

pkinit_anchors = FILE:/etc/ipa/ca.crt

while fresh installation on Fedora 27 and Fedora 28 has

pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem

Steps to Reproduce

  1. Have FreeIPA installed on Fedora 25 (or maybe Fedora 26 will be enough).
  2. Yes, I know that it's been long EOL. What we try to do is verify if upgrades from old versions work.
  3. Upgrade that installation to Fedora 28.

Actual behavior

The /etc/krb5.conf does not get updated to match the fresh FreeIPA-on-Fedora 28.

Expected behavior

The /etc/krb5.conf does get updated to match the fresh FreeIPA-on-Fedora 28.

Version/Release/Distribution

$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server

freeipa-server-4.7.2-1.1.fc28.x86_64
freeipa-client-4.7.2-1.1.fc28.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.0.21-1.fc28.x86_64
pki-ca-10.6.9-1.fc28.noarch
krb5-server-1.16.1-25.fc28.x86_64

Additional info:

This was an upgrade from Fedora 25.
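
A check for the drift reported above, added here as an example (it is not part of the ticket and not FreeIPA code): it scans krb5.conf text for pkinit_anchors and pkinit_pool and reports any setting that differs from the fresh-install values quoted in the issue. The function names, the sample realm and the placement of the settings inside a realm stanza are assumptions.

```python
import re

# Values the issue reports for a fresh FreeIPA install on Fedora 27/28.
EXPECTED = {
    "pkinit_anchors": ["FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem"],
    "pkinit_pool": ["FILE:/var/lib/ipa-client/pki/ca-bundle.pem"],
}

_SETTING = re.compile(r"^\s*(pkinit_anchors|pkinit_pool)\s*=\s*(\S.*?)\s*$")


def pkinit_settings(conf_text):
    """Collect every pkinit_anchors / pkinit_pool value, in file order."""
    found = {key: [] for key in EXPECTED}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # krb5.conf comment lines
        match = _SETTING.match(line)
        if match:
            found[match.group(1)].append(match.group(2))
    return found


def pkinit_drift(conf_text):
    """Return {key: (found, expected)} for each setting that differs."""
    found = pkinit_settings(conf_text)
    return {
        key: (found[key], expected)
        for key, expected in EXPECTED.items()
        if found[key] != expected
    }


# Constructed sample (hypothetical realm): the state the issue describes
# after the upgrade, with the old anchor and no pkinit_pool line.
UPGRADED = """\
[realms]
 EXAMPLE.TEST = {
  kdc = ipa.example.test:88
  pkinit_anchors = FILE:/etc/ipa/ca.crt
 }
"""

if __name__ == "__main__":
    for key, (found, expected) in pkinit_drift(UPGRADED).items():
        print(f"{key}: found {found or 'nothing'}, expected {expected}")
```

On a real host, pass the contents of /etc/krb5.conf to pkinit_drift(); an empty result means both settings match the fresh-install values.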

