Bug#953962: upgrade-reports: kprop uses a new default kerberos filename for propogating to replica kdcs

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#953962: upgrade-reports: kprop uses a new default kerberos filename for propogating to replica kdcs
From: Diane Trout <diane@ghic.org>
Date: Sat, 14 Mar 2020 21:09:02 -0700
Message-id: <[🔎] 158424534286.1496380.12485215671227597726.reportbug@amarana.ghic.org>
Reply-to: Diane Trout <diane@ghic.org>, 953962@bugs.debian.org

Package: upgrade-reports
Severity: normal

After upgrading from stretch to buster on a kerberos domain controler that I
had configured a replication script.

/etc/cron.hourly/krb5-prop:
/usr/sbin/kprop: No such file or directory while trying to open
/var/lib/krb5kdc/replica_datatrans
Propagation of database to host <replica>
failed with exit code 1.


The script I was using that was installed into /etc/cron.hourly looked like the
following:

#+BEGIN_SRC bash
#!/bin/sh

# Distribute KDC database to slave servers
# Created by Jason Garman for use with MIT Kerberos 5
# Modified by Jaap Winius <jwinius@rjsystems.nl>

slavekdcs=<replica>

/usr/sbin/kdb5_util dump /var/lib/krb5kdc/slave_datatrans
error=$?

if [ $error -ne 0 ]; then

        echo "Kerberos database dump failed"
        echo "with exit code $error. Exciting."
        exit 1
fi

for kdc in $slavekdcs; do

        /usr/sbin/kprop $kdc > /dev/null
        error=$?

        if [ $error -ne 0 ]; then

                echo "Propagation of database to host $kdc"
                echo "failed with exit code $error."
        fi
done

exit 0
#+END_SRC


I patched it with this:

#+BEGIN_SRC diff
--- krb5-prop.orig      2020-03-14 21:05:08.429907209 -0700
+++ krb5-prop.new       2020-03-14 21:05:35.946011884 -0700
@@ -5,7 +5,7 @@
 # Modified by Jaap Winius <jwinius@rjsystems.nl>

-slavekdcs=<replica>
+replicakdcs=<replica>

-/usr/sbin/kdb5_util dump /var/lib/krb5kdc/slave_datatrans
+/usr/sbin/kdb5_util dump /var/lib/krb5kdc/replica_datatrans
 error=$?

@@ -17,5 +17,5 @@
 fi

-for kdc in $slavekdcs; do
+for kdc in $replicakdcs; do

        /usr/sbin/kprop $kdc > /dev/null
#+ENC_SRC

It might be nice to mention that kprop's default replica file name changed
between stretch and buster.

Diane



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'oldstable-debug'), (500, 'testing'), (500, 'stable'), (110, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply to:

Prev by Date: Participá y ganá una olla Essen!
Previous by thread: Participá y ganá una olla Essen!
Index(es):
- Date
- Thread