Your message dated Fri, 05 Apr 2024 17:27:47 +0000 with message-id <e1rsnlv-00fr8g...@fasolo.debian.org> and subject line Bug#1068262: Removed package(s) from unstable has caused the Debian Bug report #457341, regarding libapache2-mod-auth-kerb: KrbAuthoritative is broken to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 457341: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457341 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libapache2-mod-auth-kerb Version: 5.3-1.3 Severity: important Here is a fragment of what I was attempting to accomplish: AuthType Basic AuthName "w3" AuthBasicProvider ldap file AuthUserFile /etc/apache2/htpasswd AuthzLDAPAuthoritative off AuthLDAPURL ldapi:///ou=bluepages,o=ibm.com?mail?sub? AuthType Kerberos KrbAuthRealms COBPLI.SVL.IBM.COM SVLDEV.SVL.IBM.COM KrbAuthoritative off KrbDelegateBasic on Krb5Keytab /etc/apache2/apache.keytab require valid-user So, the goal was to first do KRB, and if that failed, drop back to LDAP, and if that failed, check the htpasswd file. All that worked fine until I added Kerberos (LDAP falling back to file). No, if KRB auth works, everything is fine, but KRB failures are *not* being delegated to lower levels: [error] [client 9.30.102.134] Specified realm `us.ibm.com' not allowed by configuration There are a plethora of <cc>.ibm.com addresses, and I'm not going to be able to keep the AuthRealms uptodate with them all, nor should I - as they don't have KRB realms behind them. COBPLI and SVLDEV are the only two domains with KRB backing them (both are local and have cross-domain trust setup. I noticed the earlier bug (288745) on multiple Realms, tagged moreinfo, so I removed one from the list and tried again - but I get the same error :( I can easily reproduce (and test) this error - and am could easily verify any updates -- System Information: Debian Release: lenny/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.23.11 (SMP w/1 CPU core; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libapache2-mod-auth-kerb depends on: ii apache2.2-common 2.2.6-3 Next generation, scalable, extenda ii krb5-config 1.17 Configuration files for Kerberos V ii libc6 2.7-4 GNU C Library: Shared libraries ii libcomerr2 1.40.3-1 common error description library ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries libapache2-mod-auth-kerb recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Version: 5.4-3+rm Dear submitter, as the package libapache-mod-auth-kerb has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1068262 The version of this package that was in Debian prior to this removal can still be found using https://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Thorsten Alteholz (the ftpmaster behind the curtain)
--- End Message ---
