[Freeipa-devel] [PATCH] 947 fix syntax in 30-s4u2proxy.update

Martin Kosek mkosek at redhat.com
Wed Feb 15 10:23:59 UTC 2012


On Tue, 2012-02-14 at 15:51 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Mon, 2012-02-13 at 11:43 -0500, Rob Crittenden wrote:
> >> Remove quotes around a value in 30-s4u2proxy.update. The update was
> >> failing to apply.
> >>
> >> I also noticed that FQDN wasn't being set properly in all cases in
> >> sub_dict. This should fix it.
> >>
> >> rob
> >
> > This patch did not apply for me. I guess it depends on some other patch
> > that fixes wrong DN in s4u2proxy ipaAllowedTargets:
> >
> > -default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
> > +default: ipaAllowedTarget: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
> >
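Review bot: The removed line in this hunk expects cn=s4u2proxy in the ipaAllowedTarget DN, but the current 30-s4u2proxy.update shown below has cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX without it, so the hunk cannot apply on its own. State the prerequisite patch that corrects the DN in the submission, or rebase so the quote removal applies to the file as it stands.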
> > Current update file says:
> >
> > default: ipaAllowedTarget: 'cn=ipa-ldap-delegation-targets,cn=etc,$SUFFIX'
> >
> > which is a non-existent DN.
> >
> > Martin
> >
> 
> It relies on patch 941

Yeah, that's the one.

I am now testing all the upgrade patches, but s4u2proxy does not work
for me yet on an upgraded server instance (tested on F16). krb5kdc keeps
reporting decrypt errors:

/var/log/krb5kdc.log:
Feb 15 04:25:43 vm-068.idm.lab.bos.redhat.com krb5kdc[872](info):
TGS_REQ (4 etypes {18 17 16 23}) 10.16.78.68: PROCESS_TGS: authtime 0,
<unknown client> for <unknown server>, Decrypt integrity check failed
Feb 15 04:25:43 vm-068.idm.lab.bos.redhat.com krb5kdc[872](info):
TGS_REQ (4 etypes {18 17 16 23}) 10.16.78.68: PROCESS_TGS: authtime 0,
<unknown client> for <unknown server>, Decrypt integrity check failed

New installs on the same machine work though. I am still trying to find
out the root cause of this.

Martin



