Bug 54392

Summary: Kerberos discovery fails if KDCs don't run HTTPS
Product: realmd Reporter: Mantas Mikulėnas <grawity>
Component: GeneralAssignee: Stef Walter <stefw>
Status: RESOLVED FIXED QA Contact:
Severity: minor    
Priority: medium    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Mantas Mikulėnas 2012-09-02 13:26:22 UTC 
I manage two Kerberos 5 (non-IPA) realms, CLUENET.ORG and NULLROUTE.EU.ORG; both of them fail with `realm discover` because the KDCs do not have web servers configured for HTTPS:

$ realm discover -v NULLROUTE.EU.ORG
 * Searching for kerberos SRV records for domain: _kerberos._udp.nullroute.eu.org
 * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.nullroute.eu.org
 * virgule.cluenet.org:88 panther.nathan7.eu:88 
 * Trying to retrieve IPA certificate from virgule.cluenet.org
 * Trying to retrieve IPA certificate from panther.nathan7.eu
 ! Couldn't connect to check for IPA domain: Error performing TLS handshake: An unexpected TLS packet was received.
 ! Couldn't read certificate via HTTP: No PEM-encoded certificate found
 * Found kerberos DNS records for: nullroute.eu.org
 ! Failed to discover realm: No PEM-encoded certificate found
realm: Couldn't discover realm: Failed to discover realm. See diagnostics.
(returned 2)

Using realmd 0.7-18-g90cf155.
Comment 1 Stef Walter 2012-09-02 13:29:45 UTC 
Thank you for filing this bug. I think it's a duplicate. Could you try this with realmd git master if possible?

*** This bug has been marked as a duplicate of bug 53958 ***
Comment 2 Mantas Mikulėnas 2012-09-02 13:40:31 UTC 
AFAICS, I am already using the latest git-master (commit 90cf155 in git://anongit.freedesktop.org/realmd/realmd).

Note that discovery works fine with realms where KDCs do not run HTTP or HTTPS at all, e.g. ATHENA.MIT.EDU or ANDREW.CMU.EDU.
Comment 3 Mantas Mikulėnas 2012-09-03 20:18:41 UTC 
Seems to be fixed in latest master. Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.