Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.10.z
Component/s: ipa
Labels:
- commit
- fixed_upstream

Fixed in Build:
idm-DL1-8100020241119115741.823393f5
Regression:
None
Severity:
Important
Epic Link:
FREEIPA-11664
sprint_count:
1

Pool Team:

rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Story Points:
5
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
2024-Q4-Alpha-S5

Preliminary Testing:
Pass
Test Link:
https://github.com/freeipa/freeipa/blob/master/ipatests/test_integration/test_installation.py
Errata Link:
https://errata.engineering.redhat.com/advisory/143098
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

To enable PAC generation, the "MS-PAC" value has to be set for "ipaKrbAuthzData" in "cn=ipaConfig,cn=etc,$SUFFIX".

However, the LDIF file is using the "addifnew" instruction, which is skipped in case the attribute already exists. This is not the behaviour we want. "MS-PAC" should be added unconditionally, especially now on RHEL 8 where the PAC is required by the Bronze-Bit attack detection mechanism. Not supporting the PAC breaks the IPA API on this RHEL version.

links to

freeipa pagure 9632

RHBA-2024:143098 idm:DL1 and idm:client bug fix update

Assignee:: Julien Rische

Reporter:: Julien Rische

Developer:: Julien Rische

QA Contact:: Sudhir Menon

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024/07/17 8:38 AM

Updated:: 2024/12/17 6:57 PM

Resolved:: 2024/12/17 6:24 AM

Release Date:: 2024/12/17

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates