Trusty has reached its end of standard support.
** Changed in: krb5 (Ubuntu Trusty)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1817955
Title:
Getting new "DN is out of the realm subtree" error on adding principal
Status in krb5 package in Ubuntu:
Fix Released
Status in krb5 source package in Trusty:
Won't Fix
Bug description:
Recently applied security update to 14.04.5 LTS kerberos
(1.12+dfsg-2ubuntu5.4), and started getting errors when adding new
principals to LDAP.
Obfuscated example:
kadmin.local -q "ank -x
dn=\"uid=testuser,ou=People,dc=example,dc=com\" -pw \"dummypass\"
testuser"
now gives:
Authenticating as principal root/ad...@test.example.com with password.
NOTICE: no policy specified for testu...@test.example.com; assigning "default"
add_principal: DN is out of the realm subtree while creating
"testu...@test.example.com".
This worked up through 1.12+dfsg-2ubuntu5.3, and I think it now fails due to
changes in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in response to
CVE-2018-5729 or CVE-2018-5730.
I'm going to attempt a downgrade to 1.12+dfsg-2ubuntu5.3 to check.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1817955/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
