Steven Jones wrote:
Hi,

It appears this change also affects RHEL6.1 as well... I have the same message 
when I try and join new machines.

Yes, updates were done for at least Fedora 14, 15, rawhide, EL5 and EL6. This was considered a security issue so updates were pushed everywhere.

rob


regards

Steven
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ

8><-----

Joining realm failed because of failing XML-RPC request.
This error may be caused by incompatible server/client major versions.

8><-----

I think this is the problem caused by a recent libcurl change. libcurl
recently dropped support for GSSAPI ticket delegation which is needed
for the enrollment. If you look in the Apache error log on the IPA
server I'll bet there is an error about principal.

We're waiting on upstream to add support for forwarding back in. Until
then your options are limited. The change was made because it was
considered a security issue: whenever forwarding was allowed the ticket
was sent whether it was requested or not.

Downgrading libcurl will fix the problem for enrollment. You should
evaluate the CVE to decide the course of action:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2192

rob

8><----
