Your message dated Thu, 12 Oct 2017 06:48:46 +0000 with message-id <[email protected]> and subject line Bug#872787: fixed in sssd 1.15.3-2 has caused the Debian Bug report #872787, regarding sssd-common: generate-config uses some obsolete keywords (krb5_changepw_principle/krb5_kdcip) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 872787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872787 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: sssd-common Version: 1.15.0-3 Severity: important Tags: patch The sssd.conf file created by generate-config contain a few statements that is now obsolete: # /usr/share/sssd/generate-config > /etc/sssd/sssd.conf # sssd -i (Mon Aug 21 10:54:51:063619 2017) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_domain_options]: Attribute 'krb5_changepw_principle' is not allowed in section 'domain/uio.no'. Check for typos. (Mon Aug 21 10:54:51 2017) [sssd[be[uio.no]]] [krb5_try_kdcip] (0x0010): Your configuration uses the deprecated option 'krb5_kdcip' to specify the KDC. Please change the configuration to use the 'krb5_server' option instead. (Mon Aug 21 10:54:51 2017) [sssd[be[uio.no]]] [krb5_try_kdcip] (0x0010): Your configuration uses the deprecated option 'krb5_kdcip' to specify the KDC. Please change the configuration to use the 'krb5_server' option instead. (Mon Aug 21 10:54:51 2017) [sssd[be[uio.no]]] [krb5_init_kpasswd] (0x0010): Missing krb5_kpasswd option and KDC set explicitly, will use KDC for pasword change operations! (Mon Aug 21 10:54:51 2017) [sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] (Mon Aug 21 10:54:51 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] The following patch take care of the changes needed to avoid the obsolete keywords. --- /usr/share/sssd/generate-config 2017-02-04 17:34:06.000000000 +0100 +++ /tmp/generate-config 2017-08-21 10:52:45.853714986 +0200 @@ -126,9 +126,8 @@ if [ "$kerberosserver" ] ; then cat <<EOF -krb5_kdcip = $kerberosserver +krb5_server = $kerberosserver krb5_realm = $kerberosrealm -krb5_changepw_principle = kadmin/changepw krb5_auth_timeout = 15 EOF fi With this change in place, sssd is correctly configured using generate-config here at the University of Oslo. :) -- Happy hacking Petter Reinholdtsen
--- End Message ---
--- Begin Message ---Source: sssd Source-Version: 1.15.3-2 We believe that the bug you reported is fixed in the latest version of sssd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <[email protected]> (supplier of updated sssd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 12 Oct 2017 08:24:51 +0300 Source: sssd Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss python3-libipa-hbac python3-libsss-nss-idmap python3-sss Architecture: source Version: 1.15.3-2 Distribution: unstable Urgency: medium Maintainer: Debian SSSD Team <[email protected]> Changed-By: Timo Aaltonen <[email protected]> Description: libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files libipa-hbac0 - FreeIPA HBAC Evaluator library libnss-sss - Nss library for the System Security Services Daemon libpam-sss - Pam module for the System Security Services Daemon libsss-certmap-dev - Certificate mapping library for SSSD -- development files libsss-certmap0 - Certificate mapping library for SSSD libsss-idmap-dev - ID mapping library for SSSD -- development files libsss-idmap0 - ID mapping library for SSSD libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files libsss-nss-idmap0 - SID based lookups library for SSSD libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files libsss-simpleifp0 - SSSD D-Bus responder helper library libsss-sudo - Communicator library for sudo libwbclient-sssd - SSSD libwbclient implementation libwbclient-sssd-dev - SSSD libwbclient implementation -- development files python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library python-libsss-nss-idmap - Python bindings for the SID lookups library python-sss - Python module for the System Security Services Daemon python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library python3-libsss-nss-idmap - Python3 bindings for the SID lookups library python3-sss - Python3 module for the System Security Services Daemon sssd - System Security Services Daemon -- metapackage sssd-ad - System Security Services Daemon -- Active Directory back end sssd-ad-common - System Security Services Daemon -- PAC responder sssd-common - System Security Services Daemon -- common files sssd-dbus - System Security Services Daemon -- D-Bus responder sssd-ipa - System Security Services Daemon -- IPA back end sssd-kcm - System Security Services Daemon -- Kerberos KCM server implementa sssd-krb5 - System Security Services Daemon -- Kerberos back end sssd-krb5-common - System Security Services Daemon -- Kerberos helpers sssd-ldap - System Security Services Daemon -- LDAP back end sssd-proxy - System Security Services Daemon -- proxy back end sssd-tools - System Security Services Daemon -- tools Closes: 872787 877885 Changes: sssd (1.15.3-2) unstable; urgency=medium . * control: Fix libipa-hbac-dev short description. * generate-config: Update the config template. (Closes: #872787) * sysdb-sanitize-search-filter-input.diff: Fix CVE-2017-12173. (Closes: #877885) Checksums-Sha1: 9b45a787b815eac87e456efcc5f4a8896bb04a7f 4605 sssd_1.15.3-2.dsc a6d7d69f7f9f63310ba18128badef45e4965b810 39403 sssd_1.15.3-2.diff.gz Checksums-Sha256: d6f6dd4597f28987115404ce84b4277f0a7876bce7c91ac676d052b0a544a4d9 4605 sssd_1.15.3-2.dsc 214686f109616ca04ea25d85479aab1fd86e94e8f19e02ec7b4eb294dca82cc8 39403 sssd_1.15.3-2.diff.gz Files: d77e48622fd4bc1c7eb3e16581cdebe2 4605 utils extra sssd_1.15.3-2.dsc f012c1df55ebe7bd0f517614f9460cc0 39403 utils extra sssd_1.15.3-2.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZ3wyCAAoJEMtwMWWoiYTczmwQAInMC6ysZIy3PcJTKYSAu21L uTYkM8HYAWb/rqAwBWzLVdCuN1jeZx1RnVxJuG03xrOZncRshFYl0Mp2Y3oqqxIX goHdnCE07ziTtC8ipSS9mH6FDqQLk/ZeaffIOs+PoRbY1NR/CPx8FPixWIFjwpQ/ YUAjcSexq+V4SfWwafYqtkYXnM91ZH/gGojyC4UjAhDoyFCn3bsg4JwEEgqnWvUL eJomk1UiqHv6op0xtIJNcELN89pLMODWkZ36hFfIBAJvgVX2cKs6KjLJZ0U1x7Pc fzZsgH3OwSJpVlrDLVmUB/s+kp1jmZV2UvkKTk9/wr5o2d/gKg2vRnIYdB/tukdz iPZhHLLhbWOTdGg/UufkL1GqISHzuzgaAEgRUxn/iXbwkZNtFsutShfw6S9rMZuw kRdnLWpV3z/0aMf/ketLzlo0hFarWbvlHFXE8FWyW4VzwYZkutaYHKhTKivYLTgV RfFYcVjIYU8qK0/wZDlc66FTVpQD0DltyDyA8ZlrMPw76fXwK9dbgOvNJlhNrlre 2G/om69P53ke+yvzdwQibSFVgEAE6LLmWESfTRn4ehE2HZ8CkNZBZXVF/SEdCFU8 4MiP1q1wB0PLxrhXRsh4GFEM1rkNQKFR/rQEFwmg7Vq9oaj7ooTgelN3rDJH6xF8 I5RufWYuu5/H711Wx88W =0PKo -----END PGP SIGNATURE-----
--- End Message ---
