Bug#762843: lookup_sss.so missing - fixed in the unreleased 5.0.8-2 version
Autofs over sssd is still unusable in jessie, could this be fixed in 8.6 release? Thanks, Christophe On Sun, 12 Apr 2015 22:36:07 +0200 Tomas Forsman <st...@cs.umu.se> wrote: > On 17 February, 2015 - Tomas Forsman wrote: > > > Hello. > > > > The last changes (10 months ago) to autofs.git, preliminarily becoming > > 5.0.8-2, seems to fix the missing lookup_sss.so. > > > > Tested on Jessie on x86_64 as of today, 2015-02-17, with HEAD from > > http://anonscm.debian.org/cgit/collab-maint/autofs.git as of today. > > It seems like 5.0.8-2 was released recently, but without this fix. > > It would be really helpful if a -3 with this fix could be pushed into > jessie. > > Applying the two following commits, which were committed a year ago: > http://anonscm.debian.org/cgit/collab-maint/autofs.git/commit/?id=ab5bf434c761a70f41f0dcabae842320ed5ccf43 > http://anonscm.debian.org/cgit/collab-maint/autofs.git/commit/?id=47990f82c651966ee00858b1730f72475903f441 > (minus the changelog entries) onto 5.0.8-2 brings a working autofs+sss > in jessie. > > The bug closer is for the 5.1.0, in experimental, which unfortunately > does not help Jessie users. > > /Tomas > -- > Tomas Forsman, st...@cs.umu.se, http://www.cs.umu.se/~stric/ > `- SysAdmin at Computing Science, University of Umeå > > -- * Christophe Ségui Responsable informatique* Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr signature.asc Description: OpenPGP digital signature
Bug#760476: gnutls28 3.3.8-3
Hi andreas, I confirm, your fix works. thanks Christophe. On 10/11/2014 19:48, Andreas Metzler wrote: On 2014-10-22 Christophe Ségui christophe.se...@math.univ-toulouse.fr wrote: Here is the trace of cups in start phase. Hello Christophe, could you check whether gnutls 3.3.10-1 fixes the issue for you? I have just uploaded this version to experimental, it should hit the mirrors in a couple of hours. cu Andreas -- * Christophe Ségui Responsable informatique* Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr mailto:christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr www.math.univ-toulouse.fr signature.asc Description: OpenPGP digital signature
Bug#760476: gnutls28 3.3.8-3
Hello, I got this issue and tried 3.3.8-3 of gnutls but bug is still present. Regards, Christophe -- * Christophe Ségui Responsable informatique* Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr mailto:christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr www.math.univ-toulouse.fr signature.asc Description: OpenPGP digital signature
Bug#712680: hprop broken after upgrade to wheezy
Dear Maintainer,
That made the trick, many thanks to you.
Cheers
Christophe
Le 11 oct. 2013 à 01:32, Brian May br...@microcomaustralia.com.au a écrit :
To anyone suffering from this bug.
Please try: -k FILE:/etc/krb5.keytab
Which should also work[1], however, obviously, requires the key be exported
first.
Please let me know if that helps.
My current understanding of the details:
The default value of -k is HDB:.
Heimdal retrieves the keytab with hdb_get_entry(). As the dbname is not given
(dbname should appear to right of HDB:), the would recurse through the list
of known databases (find_db) until a match is found. On a default Debian
configuration this is:
# ./lib/hdb/test_dbinfo
label: default
realm: no realm
dbname: /var/lib/heimdal-kdc/heimdal
mkey_file: /var/lib/heimdal-kdc/m-key
acl_file: /var/lib/heimdal-kdc/kadmind.acl
The value of dbname is used.
However before this happens, krb5_init_creds_set_keytab() is called first.
Since change 118f99e3083144523965f3afea7bdb089253da5e,
krb5_init_creds_set_keytab() checks the result of the call to
krb5_kt_start_seq_get(). Before if this failed, it didn't matter. Now it
does. This function call ends up at hdb_start_seq_get(). Unfortunately this
function does not like the fact it was not given a specific database to work
on, and fails:
if (dbname == NULL) {
/*
* We don't support enumerating without being told what
* backend to enumerate on
*/
ret = KRB5_KT_NOTFOUND;
return ret;
}
This failure is propagated back up to krb5_init_creds_set_keytab(), which
calls _krb5_kt_principal_not_found(), which sets the error. This in turn get
propagated back to hprop.c, get_creds() which prints the error:
hprop: krb5_get_init_creds: Failed to find kadmin/hp...@in.vpac.org in keytab
HDB: (unknown enctype)
Thanks
Notes:
[1] From my reading of the code, the following should work too:
-k HDB:/var/lib/heimdal-kdc/heimdal:mkey=/var/lib/heimdal-kdc/m-key
However, appears to be buggy. I get:
$7 = {dbname = 0x608e70 /var/lib/heimdal-kdc/heimdal, mkey = 0x608ea0
=/var/lib/heimdal-kdc/m-key}
strace shows:
open(=/var/lib/heimdal-kdc/m-key, O_RDONLY) = -1 ENOENT (No such file or
directory)
i.e. when hdb_resolve() parses the string it fails to skip over the = sign.
[2] As far as I can tell all the bugs presented in this email exist in the
latest master version of Heimdal.
--
Brian May br...@microcomaustralia.com.au
smime.p7s
Description: S/MIME cryptographic signature
Bug#712680: Any updates ?
Steps to reproduce are quite easy: 1-Set up a kerberos master and slave (Debian 7). Just install master package heimdal-kdc on both nodes, dependancies will bring all needed stuff. 2-Create the appropriate credentials for the slave to let him get replication (as described by Raul in his first message) 3-Exec replication with hprop command in a shell on the master and cry ... Cheers, Christophe Le 9 oct. 2013 à 06:31, Brian May br...@microcomaustralia.com.au a écrit : On 9 October 2013 00:34, Christophe Ségui christophe.se...@math.univ-toulouse.fr wrote: Any update regarding this bug ? Heimdal kerberos master still can't be upgraded to wheezy … Unfortunately i'm running a production infrastructure and cannot do the required test …. Nothing has changed since my earlier email: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712680#32 Brian May smime.p7s Description: S/MIME cryptographic signature
Bug#712680: Any updates ?
Hi Dear maintainer, Any update regarding this bug ? Heimdal kerberos master still can't be upgraded to wheezy … Unfortunately i'm running a production infrastructure and cannot do the required test …. Thanks Christophe smime.p7s Description: S/MIME cryptographic signature
Bug#712680: libkrb5-26-heimdal: hprop broken after upgrade to wheezy
Hi dear maintainer, Same issue here, exactly as described by Raoul. Cheers, Christophe -- Christophe Ségui Responsable informatique Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr smime.p7s Description: S/MIME cryptographic signature
Bug#698361: Net-snmp reports incorrect disk usage for large disk
Package: snmpd Version: 5.4.3~dfsg-2 When reporting disk usage for a large disk (2TB), snmpd show up wrong information. The problem seems to be already already known and handled by the net-snmp team (http://sourceforge.net/p/net-snmp/patches/959/) Could this patch be integrated ? Thanks Regards, Christophe -- Christophe Ségui Responsable informatique Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr smime.p7s Description: S/MIME cryptographic signature
Bug#679364: Bad slaptest translate for constraints size and count. Slaptest encode only size or count parametr without value.
Package: slapd Version: 2.4.23-7.2 Debian's slapd package seems to be affected by the bug described here http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6986 An upstream patch seems to be available. Is it possible to get it merged into debian's slapd ? +++-==-==- ii slapd 2.4.23-7.2 OpenLDAP server (slapd) ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries Thanks, -- Christophe Ségui Responsable informatique Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr smime.p7s Description: S/MIME cryptographic signature
Bug#648056: (Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)))
Hi there, Could we expect something to be done against this bug ? Thanks. -- Christophe Ségui Responsable informatique Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr smime.p7s Description: S/MIME cryptographic signature
Bug#648056: Info received (Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1))
Thanks, I've no access to this bug tracker… Le 19 janv. 2012 à 11:57, Debian Bug Tracking System a écrit : Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian OpenLDAP Maintainers pkg-openldap-de...@lists.alioth.debian.org If you wish to submit further information on this problem, please send it to 648...@bugs.debian.org. Please do not send mail to ow...@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 648056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Christophe Ségui Responsable de Service Service Informatique Institut de Mathématiques de Toulouse - UMR 5219 Université de Toulouse, CNRS UNIVERSITE PAUL SABATIER BAT 1R3 bur 221 118 Route de Narbonne 31062 Toulouse Cedex 9 tel : 05.61.55.63.78fax :05.61.55.75.99 ___ Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr smime.p7s Description: S/MIME cryptographic signature
Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)
Still nothing ? Nobody's care about support of TLS_RSA_3DES_EDE_CBC_SHA1 in openldap/gnutls environment ? Regards, Le 18 nov. 2011 à 08:41, Christophe Ségui a écrit : Hi, any update on this ? Regards, Le 8 nov. 2011 à 18:27, Debian Bug Tracking System a écrit : Thank you for filing a new Bug report with Debian. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian OpenLDAP Maintainers pkg-openldap-de...@lists.alioth.debian.org If you wish to submit further information on this problem, please send it to 648...@bugs.debian.org. Please do not send mail to ow...@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 648056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Christophe Ségui Responsable de Service Service Informatique Institut de Mathématiques de Toulouse - UMR 5219 Université de Toulouse, CNRS UNIVERSITE PAUL SABATIER BAT 1R3 bur 221 118 Route de Narbonne 31062 Toulouse Cedex 9 tel : 05.61.55.63.78 fax :05.61.55.75.99 ___ Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr ___ Christophe Ségui Responsable de Service Service Informatique Institut de Mathématiques de Toulouse - UMR 5219 Université de Toulouse, CNRS UNIVERSITE PAUL SABATIER BAT 1R3 bur 221 118 Route de Narbonne 31062 Toulouse Cedex 9 tel : 05.61.55.63.78fax :05.61.55.75.99 ___ Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr smime.p7s Description: S/MIME cryptographic signature
Bug#648056: Acknowledgement (Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1)
Hi, any update on this ? Regards, Le 8 nov. 2011 à 18:27, Debian Bug Tracking System a écrit : Thank you for filing a new Bug report with Debian. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian OpenLDAP Maintainers pkg-openldap-de...@lists.alioth.debian.org If you wish to submit further information on this problem, please send it to 648...@bugs.debian.org. Please do not send mail to ow...@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 648056: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Christophe Ségui Responsable de Service Service Informatique Institut de Mathématiques de Toulouse - UMR 5219 Université de Toulouse, CNRS UNIVERSITE PAUL SABATIER BAT 1R3 bur 221 118 Route de Narbonne 31062 Toulouse Cedex 9 tel : 05.61.55.63.78fax :05.61.55.75.99 ___ Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr smime.p7s Description: S/MIME cryptographic signature
Bug#648056: Openldap fails to use existing cipher TLS_RSA_3DES_EDE_CBC_SHA1
Package: slapd Version: 2.4.23-7.2 Openldap refuses to use cipher TLS_RSA_3DES_EDE_CBC_SHA1 when the cipher is available to the system. Here is the output of gnutls-cli: ldap3:/etc/ldap# gnutls-cli -l | grep TLS_RSA_3DES_EDE_CBC_SHA1 TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0 and gnutls-serv ldap3:/etc/ldap# gnutls-serv -l | grep TLS_RSA_3DES_EDE_CBC_SHA1 TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0 and openldap refuses to start when this cipher is used (and only this one) : ldap3:/etc/ldap# /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -g openldap -u openldap -d9 […] TLS: could not set cipher list TLS_RSA_3DES_EDE_CBC_SHA1. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. syncinfo_free: rid=124 slapd stopped. connections_destroy: nothing to destroy. Here is the TLS relevant part of slapd.conf: TLSCertificateFile /etc/ldap/ldap3.math.ups-tlse.fr.pem TLSCertificateKeyFile /etc/ldap/ldap3.math.ups-tlse.fr.key TLSCACertificateFile /etc/ldap/CNRS2-Standard.crt.full.tls TLSCipherSuite TLS_RSA_3DES_EDE_CBC_SHA1 Here are the version of libldap, libgnutls26: ii libgnutls26 2.8.6-1 the GNU TLS library - runtime library ii libldap-2.4-2 2.4.23-7.2OpenLDAP libraries Best Regards, ___ Christophe Ségui Responsable de Service Service Informatique Institut de Mathématiques de Toulouse - UMR 5219 Université de Toulouse, CNRS UNIVERSITE PAUL SABATIER BAT 1R3 bur 221 118 Route de Narbonne 31062 Toulouse Cedex 9 tel : 05.61.55.63.78fax :05.61.55.75.99 ___ Economisez de l'énergie, du papier et de l'encre, n'imprimez ce message que si nécessaire. Pour en savoir plus consultez www.ecoinfo.cnrs.fr smime.p7s Description: S/MIME cryptographic signature
Bug#596102: Perdition Fails to parse nis map correctly and therefore breaks nis support
Package: perdition Version: 1.19~rc3-2 Severity: serious Perdition is unable to parse nis map which breaks nis support. The bug is in perditiondb_nis.c. The syscall ypmatch is not used with the right value for the inkeylen argument : the value used is strlen(key)+1 and should be strlen(key) Here is a proposal to patch this issue jazz Signed-off-by: jazz j...@vaala.mine.nu --- perdition/db/nis/perditiondb_nis.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: perdition-1.19~rc3/perdition/db/nis/perditiondb_nis.c === --- perdition-1.19~rc3.orig/perdition/db/nis/perditiondb_nis.c +++ perdition-1.19~rc3/perdition/db/nis/perditiondb_nis.c @@ -87,7 +87,7 @@ int dbserver_get( res = yp_match(domain, map, key_str, - strlen(key_str) + 1, + strlen(key_str), str_return, len_return); attachment: christophe_segui.vcf
