[Freeipa-users] version mismatch while joining a client ?
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Jul 28 21:59:46 UTC 2011
I just downgraded libcurl and curl on rhel6.1 client....still broken.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Thursday, 28 July 2011 9:13 a.m.
To: Steven Jones
Cc: Robert M. Albrecht; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] version mismatch while joining a client ?
Steven Jones wrote:
> Hi,
>
> It appears this change also effects RHEL6.1 as well....I have the same message when I try and join new machines.
Yes, updates were done for at least Fedora 14, 15, rawhide, EL5 and EL6.
This was considered a security issue so updates were pushed everywhere.
rob
>
> regards
>
> Steven
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
>
> 8><-----
>
>> Joining realm failed because of failing XML-RPC request.
>> This error may be caused by incompatible server/client major versions.
>
> 8><-----
>
> I think this is the problem caused by a recent libcurl change. libcurl
> recently dropped support for GSSAPI ticket delegation which is needed
> for the enrollment. If you look in the Apache error log on the IPA
> server I'll bet there is an error about principal.
>
> We're waiting on upstream to add support for forwarding back in. Until
> then your options are limited. The change was made because it was
> considered a security issue: whenever forwarding was allow the ticket
> was sent whether it was requested or not.
>
> Downgrading libcurl will fix the problem for enrollment. You should
> evaluate the CVE to decide the course of action:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2192
>
> rob
>
> 8><----
More information about the Freeipa-users
mailing list