From: Greg Hudson
Sent: Tuesday, February 03, 2015 11:20 AM
I have duplicated this problem; rename_principal breaks all the time
with LDAP, but works with BDB. This has likely been the case since
Hmm, that's a bummer, I was just about to avail of rename_principal
functionality with an LDAP
On 03 Feb 2015, at 20:20, Greg Hudson ghud...@mit.edu wrote:
The fix is not completely trivial, so I may not get to it immediately.
When I do have a fix prepared, I would guess that you will need to
rebuild from source in order to take advantage of it, as getting a fix
pulled up to an
I'm trying to find all the steps necessary for successfully changing a username
on our system, and it appears that when I try to rename the corresponding
principal using kadmin, the principal just disappears (see the transcript
below).
I'm using 1.12 as distributed with Ubuntu 14.04.1 LTS
On 02/03/2015 08:09 AM, Rasmus Borup Hansen wrote:
I'm trying to find all the steps necessary for successfully changing a
username on our system, and it appears that when I try to rename the
corresponding principal using kadmin, the principal just disappears (see the
transcript below).
I
It has nothing to do with keytabs. The problem seems to go away once we use
setspn to create the SPN under the same unix account in AD. The spn mapping
does exists from host-HTTP, so in theory we should not have to create SPN.
Anyway, I need to raise this question to Microsoft unless you know
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2015-001
MIT krb5 Security Advisory 2015-001
Original release: 2015-02-03
Last update: 2015-02-03
Topic: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
VU#540092
CVE-2014-5352: gss_process_context_token() incorrectly
