Ubuntu
krb5 package

Wrong default path for kpropd.acl in kpropd man page

Bug #688464 reported by Hugh Saunders
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
krb5 (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

--Ubuntu Release: 8.04 Hardy
--Package Version:
krb5-kdc:
  Installed: 1.6.dfsg.3~beta1-2ubuntu1.5
  Candidate: 1.6.dfsg.3~beta1-2ubuntu1.5
  Version table:
 *** 1.6.dfsg.3~beta1-2ubuntu1.5 0
        500 http://gb.archive.ubuntu.com hardy-updates/universe Packages
        500 http://security.ubuntu.com hardy-security/universe Packages
        100 /var/lib/dpkg/status
     1.6.dfsg.3~beta1-2ubuntu1 0
        500 http://gb.archive.ubuntu.com hardy/universe Packages

--What happened:
There is a discrepancy between the default location of kpropd.acl specified in the kpropd man page, and the actual default location that the program reads.

from the man page for kpropd:

FILES
       kpropd.acl Access file for kpropd; the default location is KPROPD_ACL_FILE (normally
                   /usr/local/var/krb5kdc/kpropd.acl). Each entry is a line containing the
                   principal of a host from which the local machine will allow Kerberos database
                   propagation via kprop.

Strace shows that kpropd is actually looking for the file in /etc/krb5kdc/:

root@tribble:/etc/xinetd.d# strace -F kpropd -Sd 2>&1 |grep 'open.*acl'
open("/etc/krb5kdc/kpropd.acl", O_RDONLY) = -1 ENOENT (No such file or directory)

--What I expected to happen:
The man page and the program agree.

Tags: patch

Related branches

lp:debian/experimental/krb5

CVE References

Revision history for this message
Sam Hartman (hartmans) wrote : Re: [Bug 688464] [NEW] Wrong default path for kpropd.acl in kpropd man page

This bug also exists in Debian; here's a patch I'll upload in a future
Debian krb5 version that will eventually make its way into Ubuntu.

Brian Murray (brian-murray)
tags: added: patch
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hugh, thanks for the bug report, and thanks for working with us to make Ubuntu better.

Sam, thanks for the quick patch!

It looks like Sam's patch corrects the issue and will also be included in Debian. Marking Triaged, setting Importance to Low.

Changed in krb5 (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package krb5 - 1.9+dfsg-1ubuntu1

---------------
krb5 (1.9+dfsg-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Build for multiarch, with pre-depends on multi-arch support virtual package.
    - Add Breaks: on old versions fo external packages (i.e., ssd) using
      /usr/lib/krb5 due to the path tranisition.

krb5 (1.9+dfsg-1) unstable; urgency=low

  * New upstream version
  * Pull in krb5 1.9 branch as of 03/16/2011
    - Include updates in 1.8.3+dfsg-4, 1.8.3+dfsg-5, 1.8.3+dfsg-6
    - Include fixes for trace logging
  * Since Debian does not and will not ever build with edirectory
    support, remove documentation of edirectory commands from the man
    page. Closes: #580502
  * Includes IPv6 support for kadmind, Closes: #595796
  * Upstream 1.9 supports hooks for password change and synchronization,
    Closes: #588968
  * LDAP now supports stash creation after db cretaion, Closes: #484808
  * Krb5 1.9 supports including files from krb5.conf, Closes: #429692

krb5 (1.9+dfsg~beta2-1) experimental; urgency=low

  * New upstream release
  * Fix default location of kpropd.acl in kpropd.M (LP: #688464)
  * Ignore PACs without a server signature generated by OS X Open
    Directory rather than failing authentication, Closes: #604925
  * New exported API: krb5_tkt_creds_get

krb5 (1.9+dfsg~beta1-1) experimental; urgency=low

  * New upstream release
  * No longer use symbols files for libkadm5 ad libkdb5: these libraries
    change very rapidly and tend to change soname each major release.
    Symbols files will be introduced if they make sense again.
  * Update symbols for libkrb5-3: note that several internal functions
    have disappeared. These functions were not part of the public ABI
    which remains stable
  * Update library package names based on soname changes

krb5 (1.8.3+dfsg-6) unstable; urgency=low

  * Fix double free with pkinit on KDC, CVE-2011-0284, Closes: #618517
  * Updated Danish debconf translations, thanks Joe Dalton, Closes:
    #584282
 -- Chuck Short <email address hidden> Mon, 02 May 2011 16:23:50 +0100

Changed in krb5 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.