• krb5-1.18.2-26.el8_9
    • None
    • None
    • ZStream
    • 7
    • rhel-sst-idm-ipa
    • 13
    • 14
    • 5
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3, 2023-Q4-Bravo-S4, 2023-Q4-Bravo-S5, 2023-Q4-Bravo-S6
    • Approved Blocker
    • Bug Fix
    • Hide
      .Kerberos Key Distribution Centers version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier

      Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute.

      With this update, earlier versions of KDC now accept evidence tickets generated by KDCs running Kerberos 1.20 and newer, as they no longer require `AD-SIGNTICKET` when a Privileged Attribute Certificate (PAC) is present.
      Show
      .Kerberos Key Distribution Centers version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute. With this update, earlier versions of KDC now accept evidence tickets generated by KDCs running Kerberos 1.20 and newer, as they no longer require `AD-SIGNTICKET` when a Privileged Attribute Certificate (PAC) is present.
    • Done
    • None

      Cloned from https://pagure.io/freeipa/issue/9448

      ***
      Upstream mailing list discussion thread: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/FLZYF6YKRRU5DIJ6RCYLJKI6Y2MGRE4B/

      If evidence ticket is issued by IPA KDC running krb5 1.20+, IPA KDC running krb5 1.18.2 or earlier will fail the request with a KRB5KDC_ERR_BADOPTION error ("KDC can't fulfill requested option"):

       

      Sep 07 09:24:40 ipa5.ipa.example.com krb5kdc[239017](info): TGS_REQ : handle_authdata (-1765328371) Sep 07 09:24:40 ipa5.ipa.example.com krb5kdc[239017](info): TGS_REQ (6 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25)}) 192.168.88.5: HANDLE_AUTHDATA: authtime 1694078668, etypes {rep=UNSUPPORTED:(0)} HTTP/ipa5.ipa.example.com(a)IPA.EXAMPLE.COM for ldap/ipa5.ipa.example.com(a)IPA.EXAMPLE.COM, KDC can't fulfill requested option Sep 07 09:24:40 ipa5.ipa.example.com krb5kdc[239017](info): ... CONSTRAINED-DELEGATION s4u-client=host/xoanon.ipa.example.com(a)IPA.EXAMPLE.COM Sep 07 09:24:40 ipa5.ipa.example.com krb5kdc[239017](info): closing down fd 12  

       

            [RHEL-10495] Tolerate absence of AD-SIGNEDPATH [rhel-8.10]

            Michal Polovka made changes -
            Test Coverage Original: Yes [ 31555 ] New: Automated [ 38950 ]
            Errata Tool made changes -
            Resolution New: Done-Errata [ 10803 ]
            Status Original: Release Pending [ 15735 ] New: Closed [ 6 ]

            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Moderate: idm:DL1 security update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2024:3044

            Errata Tool added a comment - Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (Moderate: idm:DL1 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:3044
            Errata Tool made changes -
            Release Date New: 2024/05/22
            Dominika Borges made changes -
            Release Note Text Original: .Kerberos Key Distribution Centers (KDCs) version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier

            Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute.

            With this update, earlier versions of KDC now accept evidence tickets generated by KDCs running Kerberos 1.20 and newer, as they no longer require `AD-SIGNTICKET` when a Privileged Attribute Certificate (PAC) is present.
            New: .Kerberos Key Distribution Centers version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier

            Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute.

            With this update, earlier versions of KDC now accept evidence tickets generated by KDCs running Kerberos 1.20 and newer, as they no longer require `AD-SIGNTICKET` when a Privileged Attribute Certificate (PAC) is present.
            Raju Anumula made changes -
            Workflow Original: Copy 3 of RHEL in Jira [ 25398654 ] New: RHEL in Jira [ 25426796 ]
            Raju Anumula made changes -
            Workflow Original: RHEL in Jira [ 24447748 ] New: Copy 3 of RHEL in Jira [ 25398654 ]
            Dominika Borges made changes -
            Release Note Status Original: In Progress [ 30960 ] New: Done [ 30963 ]
            Dominika Borges made changes -
            Release Note Text Original: .Kerberos Key Distribution Centers (KDCs) version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier

            Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute.

            With this update, the earlier versions of KDC no longer require `AD-SIGNTICKET` if a Privileged Attribute Certificate (PAC) is present. As a result, evidence tickets generated by Kerberos 1.20 and newer KDCs are now successfully processed.
            New: .Kerberos Key Distribution Centers (KDCs) version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier

            Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute.

            With this update, earlier versions of KDC now accept evidence tickets generated by KDCs running Kerberos 1.20 and newer, as they no longer require `AD-SIGNTICKET` when a Privileged Attribute Certificate (PAC) is present.

            The release notes text is now updated with suggestions from the peer review.

            Dominika Borges added a comment - The release notes text is now updated with suggestions from the peer review.
            Dominika Borges made changes -
            Release Note Text Original: .Kerberos Key Distribution Centers (KDCs) 1.20 and later versions now process tickets generated from KDCs running 1.18.2 and earlier versions

            A compatibility issue has occurred between Key Distribution Center (KDC) running Kerberos 1.20 or later versions and KDC running 1.18.2 and earlier versions. As a consequence, when evidence tickets issued by KDCs running Kerberos 1.20 and later versions were sent to KDCs running Kerberos 1.18.2 and earlier versions, the older KDC rejected the ticket granting service request due to missing support for `AD-SIGNTICKET` attribute.

            With this update, the earlier versions of KDC no longer require `AD-SIGNTICKET` if a Privileged Attribute Certificate (PAC) is present. As a result, evidence tickets generated by Kerberos 1.20 and newer KDCs are now successfully processed.
            New: .Kerberos Key Distribution Centers (KDCs) version 1.20 and later now process tickets generated from KDCs running version 1.18.2 and earlier

            Previously, a compatibility issue occurred between a Key Distribution Center (KDC) running Kerberos version 1.20 or later and a KDC running version 1.18.2 or earlier. As a consequence, when evidence tickets issued by the KDC running Kerberos 1.20 or later were sent to the KDC running Kerberos 1.18.2 or earlier, the older KDC rejected the ticket granting service request because it lacked support for the `AD-SIGNTICKET` attribute.

            With this update, the earlier versions of KDC no longer require `AD-SIGNTICKET` if a Privileged Attribute Certificate (PAC) is present. As a result, evidence tickets generated by Kerberos 1.20 and newer KDCs are now successfully processed.

            Hi jrische@redhat.com, thanks for the review. I updated the text and will move to the peer review.
            Regarding using the present perfect tense, I believe it reflects that the resolution has occurred in the past and currently the issue is fixed. I'll check this with another writer

            Dominika Borges added a comment - Hi jrische@redhat.com , thanks for the review. I updated the text and will move to the peer review. Regarding using the present perfect tense, I believe it reflects that the resolution has occurred in the past and currently the issue is fixed. I'll check this with another writer
            Dominika Borges made changes -
            Release Note Text Original: .Kerberos Key Distribution Centers (KDCs) 1.20 and later versions now process tickets generated from KDCs running 1.18.2 and earlier versions

            A compatibility issue has occurred between Key Distribution Center (KDC) running Kerberos 1.20 or later versions and KDC running 1.18.2 and earlier versions. As a consequence, when evidence tickets issued by KDCs running Kerberos 1.20 and later versions were sent to KDCs running Kerberos 1.18.2 and earlier versions, the older KDC failed the ticket granting service request due to missing support for `AD-SIGNTICKET` attribute.

            With this update, the earlier versions of KDC no longer require `AD-SIGNTICKET` if a Privileged Attribute Certificate (PAC) is present. As a result, evidence tickets generated by Kerberos 1.20 and newer KDCs are now successfully processed.
            New: .Kerberos Key Distribution Centers (KDCs) 1.20 and later versions now process tickets generated from KDCs running 1.18.2 and earlier versions

            A compatibility issue has occurred between Key Distribution Center (KDC) running Kerberos 1.20 or later versions and KDC running 1.18.2 and earlier versions. As a consequence, when evidence tickets issued by KDCs running Kerberos 1.20 and later versions were sent to KDCs running Kerberos 1.18.2 and earlier versions, the older KDC rejected the ticket granting service request due to missing support for `AD-SIGNTICKET` attribute.

            With this update, the earlier versions of KDC no longer require `AD-SIGNTICKET` if a Privileged Attribute Certificate (PAC) is present. As a result, evidence tickets generated by Kerberos 1.20 and newer KDCs are now successfully processed.

            Hello Dominika,
            Sorry about the delay. I would just make these comments:

            • "A compatibility issue has occurred between [...]": It sounds like it is a ad hoc thing, while it is actually systematic. Without this update, the failure will occur each time this scenario happen. So I'd rather say "A compatibility issues occurs between [...]"
            • "the older KDC failed the ticket granting service request": I feel like "to fail the request" is not the best expression here. I would rather say "the older KDC rejects the ticket granting service request". It is not really a bug, it's just that the request is missing some data that are required by the 1.20 KDC by default.

            The rest is good as it is.

            Julien Rische added a comment - Hello Dominika, Sorry about the delay. I would just make these comments: "A compatibility issue has occurred between [...] ": It sounds like it is a ad hoc thing, while it is actually systematic. Without this update, the failure will occur each time this scenario happen. So I'd rather say "A compatibility issues occurs between [...] " "the older KDC failed the ticket granting service request": I feel like "to fail the request" is not the best expression here. I would rather say "the older KDC rejects the ticket granting service request". It is not really a bug, it's just that the request is missing some data that are required by the 1.20 KDC by default. The rest is good as it is.

            jrische@redhat.com I added release notes text. Could you please review the text to see if it is accurate?

            Dominika Borges added a comment - jrische@redhat.com I added release notes text. Could you please review the text to see if it is accurate?
            Dominika Borges made changes -
            Release Note Status New: In Progress [ 30960 ]
            Release Note Text New: .Kerberos Key Distribution Centers (KDCs) 1.20 and later versions now process tickets generated from KDCs running 1.18.2 and earlier versions

            A compatibility issue has occurred between Key Distribution Center (KDC) running Kerberos 1.20 or later versions and KDC running 1.18.2 and earlier versions. As a consequence, when evidence tickets issued by KDCs running Kerberos 1.20 and later versions were sent to KDCs running Kerberos 1.18.2 and earlier versions, the older KDC failed the ticket granting service request due to missing support for `AD-SIGNTICKET` attribute.

            With this update, the earlier versions of KDC no longer require `AD-SIGNTICKET` if a Privileged Attribute Certificate (PAC) is present. As a result, evidence tickets generated by Kerberos 1.20 and newer KDCs are now successfully processed.
            Release Note Type Original: If docs needed, set a value [ 31859 ] New: Bug Fix [ 30950 ]
            Dominika Borges made changes -
            Doc Contact New: Dominika Borges [ dvagnero ]
            Tomas Capek made changes -
            Release Note Type Original: Unspecified Release Note Type - Unknown [ 30957 ] New: If docs needed, set a value [ 31859 ]
            Rui Ormonde made changes -
            Product Documentation Required New: Yes [ 36650 ]
            Release Note Type New: Unspecified Release Note Type - Unknown [ 30957 ]
            Michal Polovka made changes -
            Test Coverage New: Yes [ 31555 ]
            David Vozenilek made changes -
            Link New: This issue is documented by RHELPLAN-168840 [ RHELPLAN-168840 ]
            Michal Polovka made changes -
            Status Original: Integration [ 18721 ] New: Release Pending [ 15735 ]
            Michal Polovka made changes -
            Sprint Original: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3, 2023-Q4-Bravo-S4, 2023-Q4-Bravo-S5 [ 54447, 56017, 56018, 56019, 56020, 56022 ] New: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3, 2023-Q4-Bravo-S4, 2023-Q4-Bravo-S5, 2023-Q4-Bravo-S6 [ 54447, 56017, 56018, 56019, 56020, 56022, 56023 ]
            Errata Tool made changes -
            Remote Link New: This issue links to "RHBA-2023:125343 (Web Link)" [ 1500607 ]
            RHEL Jira bot made changes -
            Status Original: Release Pending [ 15735 ] New: Integration [ 18721 ]
            Errata Tool made changes -
            Michal Polovka made changes -
            Status Original: Integration [ 18721 ] New: Release Pending [ 15735 ]
            Florence Renaud made changes -
            Epic Link New: FREEIPA-10423 [ 15535795 ]
            Michal Polovka made changes -
            Sprint Original: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3, 2023-Q4-Bravo-S4 [ 54447, 56017, 56018, 56019, 56020 ] New: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3, 2023-Q4-Bravo-S4, 2023-Q4-Bravo-S5 [ 54447, 56017, 56018, 56019, 56020, 56022 ]
            Rafael Jeffman made changes -
            Status Original: In Progress [ 10018 ] New: Integration [ 18721 ]
            Watson Automation made changes -
            Target end Original: 2023/11/20 New: 2023/12/04
            Watson Automation made changes -
            Dev Target end Original: 2023/11/13 New: 2023/11/27
            Anuja More made changes -
            Internal Target Milestone New: 14 [ 27963 ]
            RHEL Jira bot made changes -
            Internal Target Milestone Original: 12 [ 27961 ]
            Anuja More made changes -
            Dev Target Milestone Original: 11 [ 16976 ] New: 13 [ 16978 ]
            Rafael Jeffman made changes -
            Status Original: Integration [ 18721 ] New: In Progress [ 10018 ]
            Rafael Jeffman made changes -
            Status Original: In Progress [ 10018 ] New: Integration [ 18721 ]
            Julien Rische made changes -
            Assignee Original: Julien Rische [ jrische@redhat.com ] New: Rafael Jeffman [ rjeffman@redhat.com ]
            Julien Rische made changes -
            Developer New: Julien Rische [ JIRAUSER179310 ]
            Michal Polovka made changes -
            Sprint Original: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3 [ 54447, 56017, 56018, 56019 ] New: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3, 2023-Q4-Bravo-S4 [ 54447, 56017, 56018, 56019, 56020 ]
            Michal Polovka made changes -
            Sprint Original: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2 [ 54447, 56017, 56018 ] New: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2, 2023-Q4-Bravo-S3 [ 54447, 56017, 56018, 56019 ]
            Julien Rische made changes -
            Docs Impact Original: Unspecified [ 30765 ] New: RN only [ 30768 ]
            Michal Polovka made changes -
            Preliminary Testing New: Pass [ 34174 ]
            gitlab-bot made changes -
            Remote Link New: This issue links to "Merge request - ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older (Web Link)" [ 1447893 ]

            gitlab-bot added a comment -

            Julien Rische mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ipa on branch c8s_adsignedpath:

            ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older

            gitlab-bot added a comment - Julien Rische mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ipa on branch c8s_adsignedpath : ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older
            Francisco Trivino Garcia made changes -
            Sprint Original: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1 [ 54447, 56017 ] New: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1, 2023-Q4-Bravo-S2 [ 54447, 56017, 56018 ]

            The fix will be inherited from RHEL 8.9 bulid.

            Rafael Jeffman added a comment - The fix will be inherited from RHEL 8.9 bulid.
            Rafael Jeffman made changes -
            Fixed in Build New: krb5-1.18.2-26.el8_9
            Michal Polovka made changes -
            ACKs Check Original: Dev ack [ 31165 ] New: QE ack,Dev ack [ 31163, 31165 ]
            Watson Automation made changes -
            Target end Original: 2023/10/30 New: 2023/11/20
            Francisco Trivino Garcia made changes -
            Internal Target Milestone Original: 9 [ 27958 ] New: 12 [ 27961 ]
            Watson Automation made changes -
            Dev Target end New: 2023/11/13
            Julien Rische made changes -
            Dev Target Milestone New: 11 [ 16976 ]
            Watson Automation made changes -
            Internal Target Milestone New: 9 [ 27958 ]
            Francisco Trivino Garcia made changes -
            Target end New: 2023/10/30
            Julien Rische made changes -
            Labels Original: Triaged New: Triaged fixed_upstream
            Michal Polovka made changes -
            QA Contact New: Michal Polovka [ mpolovka ]
            Julien Rische made changes -
            Link Original: This issue is depended on by FREEIPA-10410 [ FREEIPA-10410 ]
            Julien Rische made changes -
            Summary Original: Tolerate absence of AD-SIGNEDPATH New: Tolerate absence of AD-SIGNEDPATH [rhel-8.10]
            Watson Automation made changes -
            Keywords New: ZStream [ 34163 ]
            Watson Automation made changes -
            Release Blocker New: Approved Blocker [ 34567 ]
            Watson Automation made changes -
            Link New: This issue is cloned by RHEL-12198 [ RHEL-12198 ]
            RHEL Jira bot made changes -
            Request Clones Original: Latest Z-stream [ 33995 ]
            Julien Rische made changes -
            Request Clones New: Latest Z-stream [ 33995 ]
            Julien Rische made changes -
            Fix Version/s New: rhel-8.10.0 [ 12407280 ]
            Fix Version/s Original: rhel-8.9.0.z [ 12411656 ]
            gitlab-bot made changes -
            Remote Link New: This issue links to "Merge request - ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older [rhel-8.10] (Web Link)" [ 1428904 ]

            gitlab-bot added a comment -

            Julien Rische mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ipa on branch rhel_8.10_adsignedpath:

            ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older [rhel-8.10]

            gitlab-bot added a comment - Julien Rische mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ipa on branch rhel_8.10_adsignedpath : ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older [rhel-8.10]
            gitlab-bot made changes -
            Remote Link New: This issue links to "Merge request - ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older (Web Link)" [ 1424213 ]

            gitlab-bot added a comment -

            Julien Rische mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ipa on branch c8s_adsignedpath:

            ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older

            gitlab-bot added a comment - Julien Rische mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ipa on branch c8s_adsignedpath : ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older
            Francisco Trivino Garcia made changes -
            Story Points New: 5
            Francisco Trivino Garcia made changes -
            Sprint Original: 2023-Q3-Bravo-S6 [ 54447 ] New: 2023-Q3-Bravo-S6, 2023-Q4-Bravo-S1 [ 54447, 56017 ]
            Rafael Jeffman made changes -
            Link New: This issue is depended on by FREEIPA-10410 [ FREEIPA-10410 ]
            Julien Rische made changes -
            Fix Version/s Original: rhel-8.9.0 [ 12398178 ]
            Julien Rische made changes -
            Fix Version/s New: rhel-8.9.0.z [ 12411656 ]
            Julien Rische made changes -
            Fix Version/s New: rhel-8.9.0 [ 12398178 ]
            Julien Rische made changes -
            Summary Original:  FreeIPA 4.9 KDB rejects FreeIPA 4.10 KDB-issued evidence ticket in S4U processing New: Tolerate absence of AD-SIGNEDPATH
            Julien Rische made changes -
            Link New: This issue relates to RHEL-10514 [ RHEL-10514 ]
            Julien Rische made changes -
            Security Original: Red Hat Employee [ 11697 ]
            RHEL Jira bot made changes -
            Link New: This issue is related to ATTACH-5991 [ ATTACH-5991 ]
            Julien Rische made changes -
            Security New: Red Hat Employee [ 11697 ]
            Julien Rische made changes -
            Component/s New: ipa [ 12378231 ]
            Reset contact to default Original: Assignee,Qa Contact,Doc Contact,Pool Team,Watchers,Developer [ 32051, 32052, 32053, 32054, 32055, 32850 ]
            Affects Version/s New: rhel-8.8.0 [ 12392170 ]
            Julien Rische made changes -
            3scale PT Docs New: Not Started [ 12953 ]
            ACKs Check New: Dev ack [ 31165 ]
            Affects Testing Original: Testable [ 30850 ]
            BZ Doc Text Original:  
            BZ Keywords Original: Unset
            Dev Approval Original: ? [ 17170 ]
            Docs Impact New: Unspecified [ 30765 ]
            Hold Original: False [ 15468 ]
            Key Original: FREEIPA-10393 New: RHEL-10495
            PM Approval Original: ? [ 17169 ]
            QE Approval Original: ? [ 17171 ]
            Reset contact to default New: Assignee,Qa Contact,Doc Contact,Pool Team,Watchers,Developer [ 32051, 32052, 32053, 32054, 32055, 32850 ]
            Workflow Original: OJA-WF-U [ 24351264 ] New: RHEL in Jira [ 24447748 ]
            Project Original: FreeIPA [ 12325035 ] New: RHEL [ 12332745 ]
            Status Original: ASSIGNED [ 14452 ] New: In Progress [ 10018 ]
            Francisco Trivino Garcia made changes -
            Labels New: Triaged
            Francisco Trivino Garcia made changes -
            Status Original: New [ 10016 ] New: ASSIGNED [ 14452 ]
            Francisco Trivino Garcia made changes -
            Sprint New: 2023-Q3-Bravo-S6 [ 54447 ]
            Francisco Trivino Garcia made changes -
            Assignee New: Julien Rische [ jrische@redhat.com ]
            Francisco Trivino Garcia made changes -
            Priority Original: Undefined [ 10300 ] New: Critical [ 2 ]
            Francisco Trivino Garcia made changes -
            Team New: sst_idm_ipa_bravo
            Michal Jurasek made changes -
            Pool Team New: sst_idm_ipa [ 17378 ]
            Francisco Trivino Garcia created issue -

              rjeffman@redhat.com Rafael Jeffman
              ftrivino@redhat.com Francisco Trivino Garcia
              Julien Rische Julien Rische
              Michal Polovka Michal Polovka
              Dominika Borges Dominika Borges
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: