Canonicalize fallback only works for different realm (MITKRB RT #6917)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
krb5 (Debian) |
Fix Released
|
Unknown
|
|||
krb5 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Oneiric |
Fix Released
|
High
|
Steve Langasek | ||
Precise |
Fix Released
|
High
|
Unassigned |
Bug Description
SRU justification:
krb5 1.9.1 breaks interoperability with older KDCs. If you have a Kerberos realm with one of these older KDCs that does not implement the "canonicalize" option, oneiric's will be unusable as a Kerberos client for this realm.
See RedHat bugzilla: https:/
Quoting:
Certain versions of the KDC software (included for example
in Red Hat Enterprise Linux 2.1 and 3) reject requests,
which include KDC options the software does not recognize,
and do not support the "canonicalize" option. When a client
was configured to use one of these versions of the KDC
software, the client failed to obtain credentials for
authentication to other services. This interoperability
regression was introduced in the update to Red Hat
Enterprise Linux 6.1. With this update, an upstream patch
has been provided to fix this bug.
I have applied the patch provided on this bugzilla page, and this fixed the problem.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: libkrb5-3 1.9.1+dfsg-1ubuntu1
ProcVersionSign
Uname: Linux 3.0.0-12-
NonfreeKernelMo
ApportVersion: 1.23-0ubuntu3
Architecture: i386
Date: Fri Oct 14 15:56:20 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
SourcePackage: krb5
UpgradeStatus: Upgraded to oneiric on 2011-10-13 (0 days ago)
Related branches
Changed in krb5 (Debian): | |
status: | Unknown → Fix Released |
Changed in krb5 (Ubuntu Oneiric): | |
status: | Triaged → In Progress |
assignee: | nobody → Steve Langasek (vorlon) |
description: | updated |
tags: |
added: verification-done removed: verification-needed |
tags: |
added: verification-done removed: verification-needed |
The attachment "Patch to re-enable same-realm fallback for canonicalize errors" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]