[rhelv6-list] New glibc and kerberos auth breakage?!
inode0
inode0 at gmail.com
Thu Jul 19 21:16:14 UTC 2012
On Thu, Jul 19, 2012 at 4:08 PM, Trond Hasle Amundsen
<t.h.amundsen at usit.uio.no> wrote:
> inode0 <inode0 at gmail.com> writes:
>
>> So all of my RHEL6.3 boxes that use kerberos for authentication suffer
>> breakage after updating glibc. Downgrading glibc* restores them to
>> expected behavior. With the new glibc installed I have seen both
>> gssapi-with-mic and password auth fail on ssh connections. Lots of
>> spewage from pam about not being able to find users or resolve hosts.
>> pam_succeed_if for instance can no longer find users not local to the
>> machine.
>>
>> Has anyone else encountered anything like this with the recent update?
>
> Just guessing... If you have IPv6 addresses in resolv.conf, you could
> have been bitten by this rather nasty bug:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=835090
> https://bugzilla.redhat.com/show_bug.cgi?id=837026
>
> An errata was issued yesterday.
I sort of think I am being bitten by the fix. With or without IPv6
addresses in resolv.conf we had working systems prior to applying that
update and broken systems after applying it. And reverting that update
makes everything work again. Since the errors I see in pam are
potentially related to that bit of the update though (failures to
resolve the kdc, failures to find the username) I'm guessing there is
a connection here.
John
More information about the rhelv6-list
mailing list