Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2087

Failure to map principal to local username in FreeIPA-configured environment

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.1, 1.4.0
    • Fix Version/s: 1.3.2, 1.5.0, 1.4.1
    • Component/s: security
    • Labels:
      None

      Description

      FreeIPA is a tool provided by Red Hat which helps operators configure and manage an integrated LDAP + Kerberos environment (sort of a parallel of Active Directory from what I can tell). In this environment, the local MIT krb5 installation is configured to use the SSD 'localauth' plugin, which is responsible for mapping principals to usernames by implementing the krb5_auth_to_localname() API.

      In this environment, Kudu fails to start with Kerberos enabled because the krb5_auth_to_localname() API is returning KRB5_PLUGIN_NO_HANDLE when it tries to map its own principal to a username.

        Attachments

          Activity

            People

            • Assignee:
              tlipcon Todd Lipcon
              Reporter:
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: