[Bug 1933098] [NEW] [SRU] krb5-config is not needed for Active Directory support

Didier Roche 1933098 at bugs.launchpad.net
Mon Jun 21 11:46:23 UTC 2021 

Public bug reported:

[Impact]

 * We realized that sssd can still download GPO for password security
rules even without krb5-config set. Also, it doesn’t need it to generate
krb5 tickets.

[Test Plan]

 * Install the patch ubiquity version before starting it. Ensure that
you have a sssd version with the GPO patch to check that GPO are
downloaded

 * Proceed with the installation,enable Active Directory integration and
reboot on the installed version.

 * After login in with a user registered on the Active Directory, you
should have a /var/lib/sss/gpo_cache directory filed up with content.
Also, /tmp should contain the krb5 user ticket.

[Where problems could occur]

 * This code impacts the Active Directory only option by reverting an
isolated commit in it.

** Affects: ubiquity (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: ubiquity (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Also affects: ubiquity (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: ubiquity (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1933098

Title:
  [SRU] krb5-config is not needed for Active Directory support

Status in ubiquity package in Ubuntu:
  Fix Released
Status in ubiquity source package in Focal:
  New

Bug description:
  [Impact]

   * We realized that sssd can still download GPO for password security
  rules even without krb5-config set. Also, it doesn’t need it to
  generate krb5 tickets.

  [Test Plan]

   * Install the patch ubiquity version before starting it. Ensure that
  you have a sssd version with the GPO patch to check that GPO are
  downloaded

   * Proceed with the installation,enable Active Directory integration
  and reboot on the installed version.

   * After login in with a user registered on the Active Directory, you
  should have a /var/lib/sss/gpo_cache directory filed up with content.
  Also, /tmp should contain the krb5 user ticket.

  [Where problems could occur]

   * This code impacts the Active Directory only option by reverting an
  isolated commit in it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1933098/+subscriptions

More information about the foundations-bugs mailing list