> "Christian" == Christian Ehrhardt <1955...@bugs.launchpad.net>
writes:
Christian> Reproducible in local autopkgtest
Let me make sure I'm understanding.
You are saying that prior to penssl 3, the test works, but with
openssl3, the test fails?
What is the ssl version in the successful
> "Simon" == Simon Chopin <1945...@bugs.launchpad.net> writes:
Simon> We're planning to transition to OpenSSL 3.0 for the 22.04
Simon> release, and consider this issue as blocking for this
Simon> transition.
I expect things to be fixed in Debian within the next couple of months.
I
This is possibly a duplicate of
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1874915 at least if you
are using freeipa.
As shipped, krb5-kdc does not log to /var/log, but instead logs to syslog
My position is that since krb5's systemd configuration is correct for the
shipped configurat
I'm going to push back on the reassignment to krb5.
I think this is a freeipa bug.
Kerberos's systemd service unit is correct for Kerberos.
freeipa is the one that is deciding it wants to change the Kerberos
logging configuration, and thus is the one that should adjust the
permissions.
Honestly I'd
Yes, it is because of that change.
is the dn outside of the subtree?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817955
Title:
Getting new "DN is out of the realm subtree" error on adding princip
Robie any chance I could get you to sync krb5 1.17-2 from Debian
unstable to disco?
It's probably not a big deal but there's no reason not to take the fix
into Disco.
> "Robie" == Robie Basak <1817...@bugs.launchpad.net> writes:
Robie> Thanks Clark and Sam. Ubuntu doesn't support upgrade
I think this is basically only a problem on upgrade from older versions of
krb5, in particular from prior to the 1.12 era to the current packaging.
As part of adding support for systemd units, I decided to drop support for the
run_kadmind variable, and bungled the upgrade path.
This is an issue f
** Changed in: krb5 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817376
Title:
krb5-admin-server postinst has broken debconf if RUN_KADMIND set in
/etc/d
So, is this a spec bug or an implementation bug.
Does the current behavior cause anything to break, or is it simply that
implementations have diverged from the spec in tagging of the string.
--Sam
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
*** This bug is a duplicate of bug 1772447 ***
https://bugs.launchpad.net/bugs/1772447
I agree with Russ.
On the Debian side, I would not support a change to krb5-kdc to make
/var/lib/krb5kdc world readable.
I think putting the public cert in /etc/krb5kdc is fine: I can make a
case it's config
Hi.
For whatever reason I'm not getting mail when an MP is opened in the
krb5 gitlab.
In general, i think Debian uses its BTS as the todo system of record
moreso than gitlab MPs. I know for myself and I suspect a lot of other
debian developers, a wishlist bug against a package would be the best
w
> "Joshua" == Joshua Powers writes:
Joshua> If we want to fix this in zesty, then a release with only
Joshua> the bug fixes would be desired. That could be SRU'ed
Joshua> assuming it is not too big of a change such that it would
Joshua> limit the exposure to new issues or chan
> "Joshua" == Joshua Powers writes:
Joshua> If we want to fix this in zesty, then a release with only
Joshua> the bug fixes would be desired. That could be SRU'ed
Joshua> assuming it is not too big of a change such that it would
Joshua> limit the exposure to new issues or chan
I can put something in debian experimental if that makes the sync
easier.
So, you'd prefer just the Debian 1.15-1 with bug fixes rather than a
1.15.1?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1683
** Bug watch added: Debian Bug tracker #856307
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856307
** Also affects: krb5 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856307
Importance: Unknown
Status: Unknown
--
You received this bug notification because you
> "Robie" == Robie Basak <1643...@bugs.launchpad.net> writes:
Robie> @Bruce Thank you for detailing your testing. In your test
Robie> suite, do you cover any interoperability with SPNEGO but
Robie> not-Windows, whether in integration or code path coverage?
Robie> That's the use
As a FYI, upstream has relicensed the file under their standard license
with permission from the author.
Coming to Debian soon.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1644595
Title:
krb5-1.13
I've forwarded this to upstream krbdev.mit.edu #8506
I don't know if this is pkcs 11 2.10 specific or specific to the backend in
question, but it's worth having upstream take a look.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
Langasek, Closes: #833798
* Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes:
#834035
-- Sam Hartman Mon, 05 Sep 2016 21:03:14 -0400
** Affects: krb5 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a
> "Till" == Till Kamppeter <1592...@bugs.launchpad.net> writes:
Till> Build the package on the system which you have at hand (amd64,
Till> i386, ...), directing the build output into a file. Search
Till> through the output to see whther there are any compiler
Till> warnings and
Try this. I've fixed the new instance of the error as well. Incremented
the version number so the patch has a different name, but you may not
want to do that if you end up uploading
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
http
** Patch added: "krb5_1.14.2+dfsg-1ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1592841/+attachment/4684544/+files/krb5_1.14.2+dfsg-1ubuntu2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bu
I've replaced the debdiff with one that hopefully works. I'm sorry for
spacing at the controls there. Perhaps yearning for a simpler time:-)
** Patch added: "revised patch take 2"
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1592841/+attachment/4684531/+files/krb5_1.14.2+dfsg-1ubuntu1
O, sorry.
I knew that seemed simpler than it should have been:-)
Yeah, you could stick single-debian-patch in debian/source/options and
it would work, but I'll do it right.
** Patch removed: "krb5_1.14.2+dfsg-1ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1592841/+attac
ource/krb5/+bug/1592841/+attachment/4684512/+files/krb5_1.14.2+dfsg-1ubuntu1.debdiff
** Changed in: krb5 (Ubuntu)
Assignee: Sam Hartman (hartmans) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.
Looks simple; preparing fix
** Changed in: krb5 (Ubuntu)
Assignee: (unassigned) => Sam Hartman (hartmans)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1592841
Title:
FTBFS on ppc64el, blo
Include a link to the buildlog and i'll take a look.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1592841
Title:
FTBFS on ppc64el, blocks updates of all packages depending on krb5,
for example CU
** Also affects: moonshot-ui
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1590489
Title:
Feature request: To allow Moonshot UI to also manage SAML ECP
I think it logs to syslog.
Are you seeing logging configuration that is failing because of the
systemd configuration, or are you saying that if the systemd
configuration is updated *and* a logging stanza is added it would log to
this file?
I would e xpect the kdc to log to /var/log/auth.log out of
kadmind to exhaust all
available memory. (Closes: #813126)
-- Sam Hartman Tue, 23 Feb 2016 08:54:09 -0500
** Affects: krb5 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
urrent vivid version 0.9.2-3:
moonshot-gss-eap (0.9.2-3+deb8u1) unstable; urgency=medium
* Incorporate upstream deltas:
- 6dbf073: Allow white space in CA certificates, Closes: #781312
- 90f04c98: Don't shut down openssl on last context deletion,
Closes: #781311
-- Sam Hart
To test:
Install precise.
On precise, enable multiple architectures (say amd64 and i386)
install libkadm5srv-mit8.
Update your sources.list to trusty, try installing libkadm5srv-mit8.
I'd expect that to fail.
Update your sources.list to also include trusty-proposed.
Upgrade libkadm5srv-mit8; I'd
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1326500
Title:
libgssapi-krb5-2: segfault when mechglue loops endlessly on call to
I enabled proposed, confirmed that as I described in the initial test case
gss-server segfaults with 1.12+dfsg-2ubuntu4. Then I installed
libgssapi-krb5-2 from trusty-proposed. That pulled in most of the other krb5
packages as I'd expect all version 1.12+dfsg-2ubuntu5.
I ran gss-server and it
> "Iain" == Iain Lane writes:
Iain> Thanks Sam, I've uploaded krb5. ** Changed in: krb5 (Ubuntu
Iain> Trusty) Status: Triaged => In Progress
Hi.
I haven't seen this hit proposed yet.
Is that expected? What is the next step?
--
You received this bug notification because you are a
Hi. Here's the rationale behind the krb5-kdc krb5-kadmin-server split.
The krb5-kdc package includes the things you'd need on a traditional slave KDC.
One of the key things about a slave KDC is that the database is read-only.
The slave is not making any changes to the database, locally or othe
> "Robie" == Robie Basak <1347...@bugs.launchpad.net> writes:
Robie> Thanks Sam. I'm sorry I can't sponsor krb5, only triage the
Robie> bug and guide it through to sponsorship. It looks like you
Robie> know what you're doing here, so I guess we'll just need to
Robie> wait for a
Here's an ubdated debdiff that includes the security update applied to
trusty. I'm still waiting for a sponsor for this.
** Patch removed: "debdiff between current trusty and linked branch"
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1347147/+attachment/4166949/+files/krb5-trusty-stab
*** This bug is a security vulnerability ***
Public security bug reported:
Fix LDAP key data segmentation [CVE-2014-4345]
For principal entries having keys with multiple kvnos (due to use of
-keepold), the LDAP KDB module makes an attempt to store all the keys
having the same
This is fixed in Debian in 1.12.1+dfsg-87, currently in unstable. The
only change between -6 (utopic) and -7 is the fix to this bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1354714
Title:
buf
I've request a krb5 sync from debian unstable in
https://bugs.launchpad.net/bugs/1352438 that should fix this issue and
include some needed security fixes in utopic.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpa
ch to switch to TAILQ macros instead of CIRCLEQ macros,
to work around an issue with certain gcc versions. This is expected to
resolve Ubuntu bug (LP: #1347147).
[ Sam Hartman ]
* Include a quick and dirty patch so we build cleanly with -O3 fixing
incorrect may be uniniti
debdiff included
** Patch added: "debdiff between current trusty and linked branch"
https://bugs.launchpad.net/gcc/+bug/1347147/+attachment/4166949/+files/krb5-trusty-stable.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
>>>>> "Sam" == Sam Hartman writes:
Sam> hi. If I'm understanding the SRU procedure correctly, I think
Sam> we need to get someone to review the referenced bug for
Sam> inclusion in trusty.
Sorry, launchpad strips more mail headers than I
hi.
If I'm understanding the SRU procedure correctly,
I think we need to get someone to review the referenced bug for
inclusion in trusty.
https://bugs.launchpad.net/gcc/+bug/1347147
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
** Description changed:
- In some conditions, propagating a kerberos database to a slave KDC server can
stall.
+ In some conditions, propagating a kerberos database to a slave KDC server or
performing other database operations can stall. As we've investigated the
issue, it looks like a databas
I'm sorry, can I get someone to test the packages at
https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes
not the URI I gave in the previous message.
I pulled the wrong PPA off my home page.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribe
Please see https://launchpad.net/~hartmans/+archive/ubuntu/krb5 for
trusty packages that should fix the problem.
Can I get confirmation from Tom or someone else that without these
packages trusty fails the reproduce test in comment #1 and with them, it
succeeds the test proposed in comment #1?
I
I'm happy to upload a new krb5 to debian so you can sync it if you want
that approach.
I'm also happy if Ubuntu wants to go with a binary rebuild of krb5.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
With the upload of krb5 1.12.1+dfsg-3ubuntu1 to utopic, this is fixed in
utopic. Any additional help I can provide getting this into trusty?
** Changed in: krb5 (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which i
See https://launchpad.net/~hartmans/+archive/ubuntu-fixes packages
building. I had to upload with a different version number on the branch
because that ppa already had a krb5 build.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
Since I'd really like to see the gss infinite loop patch into trusty
I'm going to update the branch for that to also include this fix and
build packages.
Expect a branch link in a few minutes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to U
** Changed in: krb5 (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1332985
Title:
Add the krb5-send-pr command to the ubuntu package
To manage notifications ab
Here's the patch from debian krb5 1.12.1+dfsg-2
** Patch added: "0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch"
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1326500/+attachment/4125522/+files/0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch
--
You received
I've built the linked branch in ppa:hartmans/ubuntu-fixes for trusty.
With these packages installed and the attached radsec.conf installed as
/usr/local/etc/radsec.conf, then gss-server starts correctly as expected.
Without radsec.conf installed it prints an error about being unable to acquire
cr
> "Luke" == Luke Howard writes:
Luke> How about grabbing this commit from browserid: commit
Luke> e51f544e6c0b92c88163d1b0f4ae110869abf070 Author: Luke Howard
Luke> Date: Thu Oct 24 18:10:24 2013 -0700
That's something to consider for the specific case of moonshot.
However, the
Public bug reported:
There's a bug fixed in krb5 1.12.1+dfsg-2 (just uploaded to Debian) where if a
gss-api mechanism is dynamically loaded, and that mechanism uses symbols from
libgssapi_krb5, and doesn't provide certain optional entry points added in krb5
1.12, then calling one of those entry
Marking confirmed because I started tracking this down based on a report
to the Moonshot project from Rhys Smith which ended up being this issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1326500
> "Martin" == Martin Pitt writes:
No complains at all.
I was just hoping to learn from you guys.
I actually probably want this delta for wheezy->jessie.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
Not criticising here, but asking.
At a level deeper than "it causes apt to work correctly," why is adding
replaces a reasonable fix?
Nothing in libkdb5-7 actually replases libkadm5-mit8
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
> "Stefan" == Stefan Paetow writes:
Stefan> Ok, I've reinstalled the moonshot libraries, the error has
Stefan> gone away and there are no more segfaults.
OK.
So, if I'm understanding correctly the libgssapi-krb5-2 from my PPA did
fix the problem.
There was a segfault introduced by an
OK, that's probably the cause of the segfault.
I've deleted the broken packages from our debian and ubuntu archives.
Unfortunately getting fixed packages to reappear is a bit annoying at
the moment.
The packages in
http://repository.project-moonshot.org/debian-moonshot/pool/main/m/moonshot-gss-eap
Did you update moonshot-gs-eap?,
There's a bad version the produce is that
Stefan Paetow wrote:
>Sam, I now get a segfault in gss-server:
>
>Reading symbols from /usr/bin/gss-server...(no debugging symbols
>found)...done.
>(gdb) set args -verbose host@localhost
>(gdb) run
>Starting program: /usr/
Stefan, I've prepared packages that should fix the problem available at
https://launchpad.net/~hartmans/+archive/ubuntu-fixes
that page includes instructions on how to add the archive to your system.
After you do that please update at least libgssapi-krb5-2 and let us know
whether it fixes the
Hi. What's going on here is that it seems there are cases where on
process exit, ld.so will destruct the plugins before it destructs the
dlopening library. So it sets m_inited to 0. But as part of its
finalizer the library tries to clean up its resources, and dlcloses the
plugins. Getting you t
FYI, the git repository has been reorganized now that upstream has
moved to git.
See experimental branch of
git://git.debian.org/git/pkg-k5-afs/debian-krb5-2013.git
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchp
** Bug watch added: krbdev.mit.edu/rt/ #7135
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7135
** Also affects: kerberos via
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7135
Importance: Unknown
Status: Unknown
** Also affects: krb5 (Ubuntu)
Importance: Undecided
S
take a look at upstream commit 6e83d0bd31721ac86003530dd2450221dd05d0c2
These functions were added later and were used by a Mac-specific project
that had a different export list. I'm fairly sure this is simply an
upstream bug and the symbols should be exported.
--
You received this bug notifica
Old stash files are in fact byte order and probably but I'm not sure
word size dependent. Look at the add_mkey command to kdb5_util. I
think if you add a new master key and write it out to a new keytab
format stash file then all should be well.
If the database was created with 1.9.1 then I would
OK, setting your status back to new.
I don't have permission to propose an upload to lucid to fix this.
status new
** Changed in: krb5 (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https
I suspect that you have a version of libgssapi-krb5-2 different than
libkrb5-dbg
can you try
aptitude reinstall libgssapi-krb5-2 libkrb5-dbg and see if the messages
change?
status incomplete
importance low
** Changed in: krb5 (Ubuntu)
Importance: Undecided => Low
** Changed in: krb5 (Ubun
I'd definitely take a look at what hostname --fqdn returns on all the
machines.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/913166
Title:
kprop will not find slave-kdc
To manage notifications abo
> "Micah" == Micah Gersten writes:
Micah> This is due to this bug in Debian:
Micah> http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=650541
Micah> Apparently a private symbol somehow was exported and ended up
Micah> breaking upgrades to the new krb5, so this breaks was added
> "J" == J Sadler <900...@bugs.launchpad.net> writes:
J> You may want to reconsider adding it to kdc.conf's man page. I
J> don't believe that in a normal client install that you would get
J> the admin guide. Don't you only get it if you install the admin
J> packages?
1) It's
They are in fact in support-enc.texinfo.
OK.
So, to the extent there is a bug it's that kdc.conf's manpage doesn't
tell you to go look at the admin guide.
I don't think we want to duplicate the information.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
Russ, I thought that they were listed in the admin info pages too.
however, while I see a bunch of examples, searching for the string hmac
in the sources to the admin guide, I don't actually find a complete list
of the encryption types anywhere.
Am I missing something?
--
You received this bug no
*** This bug is a duplicate of bug 874130 ***
https://bugs.launchpad.net/bugs/874130
** This bug has been marked a duplicate of bug 874130
Canonicalize fallback only works for different realm (MITKRB RT #6917)
--
You received this bug notification because you are a member of Ubuntu
Bugs,
** Bug watch added: Debian Bug tracker #631106
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631106
** Also affects: krb5 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631106
Importance: Unknown
Status: Unknown
--
You received this bug notification because you
> "Tom" == Tom Yu writes:
Tom> This bug originates from a Debian patch to krb5-1.8 that adds
Tom> IPv6 support to kpropd. The Debian version of krb5-1.9 doesn't
Tom> have this problem. It is probably not difficult to fix Debian's
Tom> krb5-1.8 patch, but this should probably b
So, fixing this particular bug in krb5-rsh-server is almost certainly
relatively easy. Fixing krb5-rsh-server to use PAM directly is more
involved; it should be done, but there is not a lot of resources going
into krb5-rsh-server and krb5-clients at the moment. Upstream split
these into the krb5-
The problem is far deeper than the socket binding. The gssrpc library
doesn't support v6 at all in this version of krb5. Fixed in 1.9.
** Also affects: krb5 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624710
Importance: Unknown
Status: Unknown
--
You received this
I suspect what's going on here is that when
krb5_get_init_creds_set_out_ccache was added
the error reporting was bad.
I will attempt to look at this if no one gets there sooner.
take a look at the handling of out_ccahe in
src/lib/krb5/krb/get_in_tkt.c
--
You received this bug notification becau
ebian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616728
Importance: Unknown
Status: Unknown
** Changed in: krb5 (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: krb5 (Ubuntu)
Assignee: Sam Hartman (hartmans) => (unassigned)
--
You r
This bug is being fixed for Debian; I hope to get into a squeeze update.
Note that Ubuntu probably wants all the other things in the upcoming
1.8.3+dfsg-5 stable Debian update.
However I'm attaching the two patches for this issue.
** Patch added: "0001-ticket-6876.patch"
https://bugs.launchpa
This bug is being fixed for Debian; I hope to get into a squeeze update.
Note that Ubuntu probably wants all the other things in the upcoming
1.8.3+dfsg-5 stable Debian update.
However I'm attaching the two patches for this issue.
--
You received this bug notification because you are a member of
** Changed in: krb5 (Ubuntu)
Status: New => In Progress
** Changed in: krb5 (Ubuntu)
Assignee: (unassigned) => Sam Hartman (hartmans)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
> "Mark" == Mark Deneen <715...@bugs.launchpad.net> writes:
Mark> Sam, I'll give it a shot. -- You received this bug
Mark> notification because you are subscribed to krb5 in ubuntu.
Mark> https://bugs.launchpad.net/bugs/715579
I'm sorry I asked you to do this.
I didn't see your n
> "Mark" == Mark Deneen <715...@bugs.launchpad.net> writes:
Mark> I built 1.8.3 from the natty source package, but the problem
Mark> still exists in that version.
If you're comfortable trying a package out of my PPA (I'm the Debian
krb5 maintainer and a member of the upstream core tea
I'm not against including a patch in the Debian package to reduce Ubuntu
deltas. I want to make sure that things continue to work if inserv is
used as that's where Debian is going. If we can preserve that, I think
that having a patch mostly intended for Ubuntu is fine.
--
You received this bug
This bug also exists in Debian; here's a patch I'll upload in a future
Debian krb5 version that will eventually make its way into Ubuntu.
** Patch added:
"0001-Fix-default-location-of-kpropd.acl-in-kpropd.M-LP-68.patch"
https://bugs.launchpad.net/bugs/688464/+attachment/1761750/+files/0001-F
In Debian unstable installing krb5-kdxc-ldap automatically changes the
order. This could be backported.
"Clint Byrum" wrote:
>Since both services may depend on the other in ways that will break, we
>can only support a default configuration.
>
>The server guide currently does not have kerberos de
My guess is that the DES only checkbox is checked in your AD
configuration for the service account used by the Apache server. If you
clear that checkbox and generate a keytab including both RC4 and DES
keys then I suspect allow_weak_crypto will not be needed.
I'm sorry, but I do not have instruct
> "Thierry" == Thierry Carrez writes:
Thierry> @Sam: let me know if you feel comfortable applying that
Thierry> patch now. Once it's fixed in sid/maverick, I'll push a SRU
Thierry> for lucid.
Sure. I will attempt to get to it this weekend.
Anything you want me to do to make the
> "Gerald" == Gerald Carter writes:
Gerald> I think Sam is wanting to know if likewise has submitted the
Gerald> patch to upstream MIT krb5. If that is the case, I'll check
Gerald> on the state of things and update the bug report.
That is. Early on you mentioned you thought thi
So, it's my understanding that we're still waiting for a confirmation
that this patch has been submitted upstream and for an upstream review
of the patch, right?
--
likewise-open fails to join Windows 2000 SP4 domain
https://bugs.launchpad.net/bugs/551901
You received this bug notification becaus
> "J" == J Bruce Fields writes:
J> "We're adding an API to krb5 to fix this for OpenAFS. Because of
J> the way the API is constructed, it's very difficult for GSSD to
J> actually call it."
J> Do you have a pointer to the details?
/* Allows the appplication to override the pr
> "jean-yves" == jean-yves chateaux writes:
>> If Allow_weak_crypto = true is making things work better with
>> Windows,
jean-yves> something is broken somewhere else to cause this.
jean-yves> Without this parameter in krb5.conf the auth against the
jean-yves> ADS to
> "Jesper" == Jesper Krogh writes:
Jesper> Hi Russ. I cannot say anything about what other are
Jesper> Would a patch that makes the behaviour configurable be
Jesper> acceptable?
I think that this patch should be accepted only if upstream is
interested in the patch. Given that u
In terms of work arounds, if your KDC is an AD KDc, you can add the
final hostnames as ServicePrincipalName attributes on AD for the account
in question. That should make things work either for a Windows server
or for a 1.7+ MIT server.
If your KDC is Unix you can add principals for the final hos
Well, everything should work fine if you make your DNS consistent.
Honestly if I was going to make a behavior change here I'd have Firefox
call gss_import_name with a name type that does not involve resolution.
--Sam
--
krb5 prefers the reverse pointer no matter what for locating service ticke
1 - 100 of 125 matches
Mail list logo
