[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
** Also affects: freeipa (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: Fix Released Status in freeipa source package in Bionic: New Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
Hi everybody, I can confirmi bug is still present: any ETA for cosmic backports? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: Fix Released Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
Sorry about that, I uploaded a backport which doesn't work, but I fixed that now with another backport which should be SRU'able to bionic, I hope. It's the same version as in cosmic, should be built soon. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: Fix Released Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
This bug was fixed in the package freeipa - 4.7.0-1ubuntu4 --- freeipa (4.7.0-1ubuntu4) cosmic; urgency=medium * Actually build server on architecture any. -- Dimitri John Ledkov Tue, 02 Oct 2018 23:32:01 +0100 ** Changed in: freeipa (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: Fix Released Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
Since not everyone knows about the staging PPA (I just found it), the PPA can be found here: https://launchpad.net/~freeipa/+archive/ubuntu/staging With the PPA (4.7.0~pre2-0~ppa3) the installation completes without a problem. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: In Progress Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
Side note for Timo. There is no tag in the git repo for debian/4.7.0~pre1+git20180411-2 (commit fb666595) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: In Progress Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
Sorry for the duplicate in https://bugs.launchpad.net/bugs/1791325. I should have paid more attention. Anyway, there is a fix, what's holding it up? Right now FreeIPA server is useless in 18.04 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: In Progress Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
Confirming that it works! -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: In Progress Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
fixed in git ** Changed in: freeipa (Ubuntu) Importance: Undecided => High ** Changed in: freeipa (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: In Progress Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1772447] Re: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
ok, it's rpcserver.py.. probably need to put these in /var/lib/ipa/certs -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1772447 Title: freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache Status in freeipa package in Ubuntu: New Bug description: After having installed FreeIPA on Ubuntu 18.04, I cannot login by the web interface. I think the problem is that Apache uses the certificate in /var/lib/krb5kdc/kdc.crt to get Kerberos credentials. Although this file is readable by everyone, the directory /var/lib/krb5kdc is only accessible by root. After a 'chmod 0755 /var/lib/krb5kdc' it is possible to login trough the web interface. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp