Updated Krb5 Rpm Package Altered Existing Krb5.conf – No Go


Hi,

I did a CentOS update from 7.4 to 7.5 and the krb5 package altered the existing and used config file! That should be a no go from my pov, as in my setup it broke some services which had a problem with the includedir line which was added.

Shouldn't an rpmnew config file be created instead with the new/optional/added settings?

Regards . Götz

8 thoughts on - Updated Krb5 Rpm Package Altered Existing Krb5.conf – No Go

  • and it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.

  • I too can confirm this behavior. I do not know why it gets modified, but adding the include line breaks self-compiled Samba DC installations because of the difference in Kerberos types used with Samba and Red Hat.

    I suspect that this should be filed as a bug in upstream bugzilla since it does not look like CentOS modified the krb5-libs spec file.

    Presently, to work around the problem, I have ansible fix the file after updates.

    Regards,

  • # rpm -qa krb\* --triggers
    triggerun scriptlet (using /bin/sh) -- krb5-libs < 1.15.1-13
    if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
        sed -i '1i # Other applications require this directory to perform krb5 configuration.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf
    fi

    Looks like that's the culprit.
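
Added example, not part of any comment in this thread: a shell sketch of the kind of post-update fix mentioned above, assuming the fix is to disable the inserted include line. It comments the line out rather than deleting it, because the scriptlet's guard (`grep -q 'includedir /etc/krb5.conf.d'`) also matches a commented line; the function names and the `.pre-fix` backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): disable the includedir line that the
# krb5-libs trigger prepends, keeping a copy of the file as the trigger left it.

# Substring the trigger's own guard greps for (copied from the scriptlet above).
GUARD='includedir /etc/krb5.conf.d'

# Succeeds if an active (uncommented) includedir for that directory is present.
has_active_includedir() {
    grep -Eq '^[[:space:]]*includedir[[:space:]]+/etc/krb5\.conf\.d/?[[:space:]]*$' "$1"
}

# Reproduces the scriptlet's guard: succeeds if the trigger would insert again.
trigger_would_insert() {
    ! grep -q "$GUARD" "$1"
}

# Comment the directive out instead of deleting it: the guard substring stays
# in the file, so the scriptlet's grep still matches and skips the insert.
neutralize_includedir() {
    conf=$1
    has_active_includedir "$conf" || return 0      # idempotent: nothing to do
    cp -p "$conf" "$conf.pre-fix" || return 1      # hypothetical backup suffix
    tmp=$(mktemp) || return 1
    sed -E 's|^[[:space:]]*(includedir[[:space:]]+/etc/krb5\.conf\.d/?[[:space:]]*)$|#\1|' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"    # rewrite in place: keeps owner, mode and inode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample: a krb5.conf as the trigger would leave it.
make_sample() {
    printf '%s\n' \
        '# Other applications require this directory to perform krb5 configuration.' \
        'includedir /etc/krb5.conf.d/' \
        '' \
        '[libdefaults]' \
        ' default_realm = EXAMPLE.TEST' > "$1"
}

# Usage: sh fix-krb5.sh /etc/krb5.conf
if [ -n "${1:-}" ]; then neutralize_includedir "$1"; fi
```

The `.pre-fix` copy fills the role an rpmsave file would have played: `diff` it against the live file to see exactly what changed.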

  • Good to know, but writing an rpmnew or rpmsave file would be nice to check against the live used file.

    The samba people are aware of that problem regarding the include line and are working on a patch … the support at SerNet told me.

    Regards . Götz

  • Agreed! IMO this is a packaging bug. Triggers do not drop rpmsave files. I suspect the chances of getting Red Hat to fix it are slim to none. Fixing it would most likely break other things for them.

    I agree they are aware of it but I suspect it is a low priority thing given they have known about this since 2016-12-29.

    I do think it would be relatively easy for SerNet to patch around in their paid-for rpms. Alas, I do not have the budget for them. :-(

    The bug is available at https://bugzilla.samba.org/show_bug.cgi?id488

    Regards,