freeipa install does not correctly setup krb5-admin-server

Bug #1772205 reported by gianluca on 2018-05-19
This bug affects 2 people
Affects: freeipa (Ubuntu)
Importance: High
Assigned to: Unassigned

Bug Description

In Ubuntu 18.04, ipa-server-install does not correctly configure krb5-admin-server. Therefore, the kadmin server does not start. The problem is that the krb5-admin-server service needs the file /etc/krb5kdc/kadm5.acl. This file may be empty, but it should exist, otherwise the server does not start. However, the krb5-admin-server does not contain such a file, nor does the ipa-server-install command create it during its execution.

Note this was different in Ubuntu 16.04, where krb5-admin-server used to start even without the ACL file.
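
A preflight check for the condition described above, as an added example that is not part of the original report: it resolves the ACL path (an uncommented acl_file in kdc.conf, otherwise /etc/krb5kdc/kadm5.acl), creates an empty owner-only file if it is missing, and flags an existing file that group or others can write. The path-prefix argument and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. $1 is a hypothetical path prefix so
# the check can run against a scratch tree; use "" on a real host (as root).

# Print the ACL path: an uncommented acl_file from kdc.conf if present,
# otherwise the path this report says kadmind still requires.
acl_path() {
    conf="$1/etc/krb5kdc/kdc.conf"
    path=""
    if [ -f "$conf" ]; then
        path=$(sed -n 's/^[[:space:]]*acl_file[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$conf" | tail -n 1)
    fi
    printf '%s\n' "${path:-/etc/krb5kdc/kadm5.acl}"
}

# Print "created", "ok" or "writable-by-others"; return 1 only for the last.
check_kadm5_acl() {
    file="$1$(acl_path "$1")"
    if [ ! -e "$file" ]; then
        mkdir -p "$(dirname "$file")"
        # Empty file, mode 0600: it grants no kadmin privileges to anyone.
        (umask 077 && : > "$file")
        echo created
        return 0
    fi
    # Whoever can write this file can grant themselves kadmin rights.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo writable-by-others
        return 1
    fi
    echo ok
}

# Demo on a constructed scratch tree with the acl_file line commented out,
# as tried in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/etc/krb5kdc"
printf '[realms]\n    EXAMPLE.TEST = {\n#        acl_file = /etc/krb5kdc/kadm5.acl\n    }\n' > "$demo/etc/krb5kdc/kdc.conf"
check_kadm5_acl "$demo"   # first run creates the file
check_kadm5_acl "$demo"   # second run finds it
rm -rf "$demo"
```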

gianluca (amato) wrote :

Changed affected package.

affects: tomcat8 (Ubuntu) → freeipa (Ubuntu)

Timo Aaltonen (tjaalton) wrote :

indeed, I'll comment that part of the admin conf template out.. it should start after that?

Changed in freeipa (Ubuntu):
assignee: nobody → Timo Aaltonen (tjaalton)
status: New → Confirmed

gianluca (amato) wrote :

I tried commenting the line

acl_file = /etc/krb5kdc/kadm5.acl

in /etc/krb5kdc/kdc.conf, but krb5-admin-server still requires the ACL file.

Timo Aaltonen (tjaalton) wrote :

ok, turns out this was filed against the debian package two years ago, by me:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819017

we'll see what the outcome is

Timo Aaltonen (tjaalton) wrote :

fixed in git

Changed in freeipa (Ubuntu):
importance: Undecided → High
status: Confirmed → In Progress

Timo Aaltonen (tjaalton) on 2018-05-23
Changed in freeipa (Ubuntu):
assignee: Timo Aaltonen (tjaalton) → nobody

gianluca (amato) wrote :

I confirm that it works!

Fabien COMBERNOUS (fc.) wrote :

Is the conflict between the two packages still going on?

Fabien COMBERNOUS (fc.) wrote :

I am asking about bionic packages
