[Pkg-freeipa-devel] Bug#1034659: Bug#1034659: Bug#1034659: freeipa-client: IPA client Kerberos configuration incompatible with java
Mathieu Baudier
mbaudier at argeo.org
Fri Apr 21 08:45:20 BST 2023
> > Okay, so it got added to sssd due to
> >
> > https://github.com/SSSD/sssd/issues/5893
> >
> > so I wonder if ipa should stop doing the same, and remove the line
> > from
> > krb5.conf on upgrade.
>
> Seems this is filed upstream already at
>
> https://pagure.io/freeipa/issue/9267
>
> but no fix available yet, so it needs to be fixed downstream first.
Ok, I had missed that it was already filed upstream.
Actually, the issue also occurs on RHEL 9.
I am well set up to test a patched Debian package if it can be helpful.
As I described in the original bug report above, the workaround is
either to delete /etc/krb5.conf.d/enable_sssd_conf_dir or to comment
the includedir line out.
It could be more robust to patch it at this level since
/etc/krb5.conf.d/enable_sssd_conf_dir is a static file, while
/etc/krb5.conf is modified by ipa-client-install. But on the long run,
the upstream fix will probably be at IPA level as you suggested, so
maybe it is safer to keep a patch there, and not to impact sssd.
More information about the Pkg-freeipa-devel
mailing list