[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv6-list] New glibc and kerberos auth breakage?!



On Thu, Jul 19, 2012 at 4:08 PM, Trond Hasle Amundsen
<t h amundsen usit uio no> wrote:
> inode0 <inode0 gmail com> writes:
>
>> So all of my RHEL6.3 boxes that use kerberos for authentication suffer
>> breakage after updating glibc. Downgrading glibc* restores them to
>> expected behavior. With the new glibc installed I have seen both
>> gssapi-with-mic and password auth fail on ssh connections. Lots of
>> spewage from pam about not being able to find users or resolve hosts.
>> pam_succeed_if for instance can no longer find users not local to the
>> machine.
>>
>> Has anyone else encountered anything like this with the recent update?
>
> Just guessing... If you have IPv6 addresses in resolv.conf, you could
> have been bitten by this rather nasty bug:
>
>   https://bugzilla.redhat.com/show_bug.cgi?id=835090
>   https://bugzilla.redhat.com/show_bug.cgi?id=837026
>
> An errata was issued yesterday.

I sort of think I am being bitten by the fix. With or without IPv6
addresses in resolv.conf we had working systems prior to applying that
update and broken systems after applying it. And reverting that update
makes everything work again. Since the errors I see in pam are
potentially related to that bit of the update though (failures to
resolve the kdc, failures to find the username) I'm guessing there is
a connection here.

John


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]