[Pkg-sssd-devel] Bug#872787: sssd-common: generate-config uses some obsolete keywords (krb5_changepw_principle/krb5_kdcip)

Petter Reinholdtsen pere at hungry.com
Mon Aug 21 09:12:21 UTC 2017


Package: sssd-common
Version: 1.15.0-3
Severity: important
Tags: patch

The sssd.conf file created by generate-config contains a few statements
that are now obsolete:

# /usr/share/sssd/generate-config > /etc/sssd/sssd.conf
# sssd -i
(Mon Aug 21 10:54:51:063619 2017) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_domain_options]: Attribute 'krb5_changepw_principle' is not allowed in section 'domain/uio.no'. Check for typos.
(Mon Aug 21 10:54:51 2017) [sssd[be[uio.no]]] [krb5_try_kdcip] (0x0010): Your configuration uses the deprecated option 'krb5_kdcip' to specify the KDC. Please change the configuration to use the 'krb5_server' option instead.
(Mon Aug 21 10:54:51 2017) [sssd[be[uio.no]]] [krb5_try_kdcip] (0x0010): Your configuration uses the deprecated option 'krb5_kdcip' to specify the KDC. Please change the configuration to use the 'krb5_server' option instead.
(Mon Aug 21 10:54:51 2017) [sssd[be[uio.no]]] [krb5_init_kpasswd] (0x0010): Missing krb5_kpasswd option and KDC set explicitly, will use KDC for pasword change operations!
(Mon Aug 21 10:54:51 2017) [sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported]
(Mon Aug 21 10:54:51 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported]

The following patch takes care of the changes needed to avoid the
obsolete keywords.

--- /usr/share/sssd/generate-config     2017-02-04 17:34:06.000000000 +0100
+++ /tmp/generate-config        2017-08-21 10:52:45.853714986 +0200
@@ -126,9 +126,8 @@
 if [ "$kerberosserver" ] ; then
     cat <<EOF
 
-krb5_kdcip = $kerberosserver
+krb5_server = $kerberosserver
 krb5_realm = $kerberosrealm
-krb5_changepw_principle = kadmin/changepw
 krb5_auth_timeout = 15
 EOF
 fi
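
Review bot: dropping the krb5_changepw_principle line leaves the generated
block with no explicit password-change server. The sssd -i log quoted above
also reports "Missing krb5_kpasswd option and KDC set explicitly", and nothing
in this hunk sets krb5_kpasswd, so password changes depend on the KDC fallback
that message describes. If that fallback is intended, it is worth stating in
the report; otherwise consider emitting "krb5_kpasswd = $kerberosserver" next
to the new krb5_server line so the choice is explicit in the generated
sssd.conf.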

With this change in place, sssd is correctly configured using
generate-config here at the University of Oslo. :)

-- 
Happy hacking
Petter Reinholdtsen


