Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id A968A3FB88; Sun, 12 Apr 2015 22:33:03 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id t3D2X3Wf007382; Sun, 12 Apr 2015 22:33:03 -0400 Received: from mailhub-dmz-1.mit.edu (mailhub-dmz-1.mit.edu [18.9.21.41]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id t3CNLhBq030208 for ; Sun, 12 Apr 2015 19:21:43 -0400 Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) by mailhub-dmz-1.mit.edu (8.13.8/8.9.2) with ESMTP id t3CNLGbf028189; Sun, 12 Apr 2015 19:21:43 -0400 X-Auditid: 12074424-f79f56d000000da5-df-552afe0541c3 Authentication-Results: symauth.service.identifier; spf=pass; senderid=pass Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 2A.C9.03493.60EFA255; Sun, 12 Apr 2015 19:21:42 -0400 (EDT) Received: from zmail24.collab.prod.int.phx2.redhat.com (zmail24.collab.prod.int.phx2.redhat.com [10.5.83.30]) by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t3CNLfgM035667; Sun, 12 Apr 2015 19:21:41 -0400 Date: Sun, 12 Apr 2015 19:21:41 -0400 (EDT) From: Roland Mainz To: krb5-bugs@mit.edu Message-ID: <633885857.15652131.1428880901155.JavaMail.zimbra@redhat.com> In-Reply-To: References: Subject: [krb5bug] kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64 (big-endian issue ?) ... MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-Ip: [10.10.62.135] X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF29 (Linux)/8.0.6_GA_5922) Thread-Topic: kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64 (big-endian issue ?) ... Thread-Index: s9iJNoE2Hx1NN8eHA8RPigSt9bNPfw== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrEKsWRWlGSWpSXmKPExsVysWW7qi7bP61Qg5tLDS2uzdzLYtHw8Di7 A5NH05mjzAGMUVw2Kak5mWWpRfp2CVwZfb8eMRY0iFd8/PietYHxllAXIyeHhICJxOQZO9lB bEYBb4k3V4+zQ8TFJC7cW8/WxcjFISSwnUli6tuvTBDONUaJaf2vgKo4OFgEtCVuXC8DaWAT UJP48uk+WLOIgKjEy7/HWEBsZgFFia2LNzOB2LwCnhL/mm4ygbRyCphKrD4AVi4EdMOdpkWs ILawQLnEyQ2XmCHKBSVOznwCNUZd4s88iDizgLzE9rdzmCHuVJBYequfEcL2lTgyeRvYeBGB AompR4sgrtGTOPj9JuMERpFZSKbOQjJ1FpKpCxiZVzHKpuRW6eYmZuYUpybrFicn5uWlFuma 6+VmluilppRuYgQGvhC7i8oOxuZDSocYBTgYlXh4L9zRChViTSwrrsw9xCjJwaQkyvv+OVCI Lyk/pTIjsTgjvqg0J7X4EKMEB7OSCO+iP0A53pTEyqrUonyYlDQHi5I476YffCFCAumJJanZ qakFqUUwWSYO9kOMehwcArPXrb7AKND5e9JHRimWvPy8VCUJ3nKQeYJFqempFWmZOSXIujhB BBfIYh6gxWxgi4sLEnOLM9Mhik4xGnNMePBrERPHsXWNi5mEwGZKifMGgpQKgJRmlObBjYQl vUuMslLCvIwMDAxCPEBXAgMHVf4VozgwYIR554NM4cnMK4Hb9wroFCagU7JUwE4pSURISTUw Nni/9dn/+85u242NBopKH1xNLM2NdH9tXG1S9231vpC7F14wN73T+iJj5zfHry9aP9fRjPtt hZZuUOTmySfbJ05lZN2a23uA20pWYcfZFM8P8Yr7RBnNcl7/L9v2sTfnStfjFeuF/X+uuVhj M3GF5oETl0Nnsq3OCI7S0Hnr7rvl6lor24/tSizFGYmGWsxFxYkA6LjJP3UDAAA= X-Mailman-Approved-At: Sun, 12 Apr 2015 22:33:01 -0400 CC: Greg Hudson X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu Content-Length: 2868 Hi! ---- This was discovered with test "t_kdb.py" that is new on krb5-1.12.x and I can imagine that it was not executed on big-endian architectures so far. But this is not a regression the same issue was observed on s390x and ppc64 on krb5-1.11.x and krb5-1.10.x. Either run the test suite and the test "t_kdb.py" should fail (make sure openldap is installed) or manually create a test realm with LDAP database backend, then: -- snip -- [root@rhel7]# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" create_policy -maxtktlife 3hour -maxrenewlife 6hour -allow_forwardable tktpol [root@rhel7]# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" view_policy tktpol Ticket policy: tktpol Maximum ticket life: 536870912 days 00:00:00 Maximum renewable life: 1073741824 days 00:00:00 Ticket flags: -- snip -- It looks like the policy flags are correct in the database only they are not displayed (note the "krbTicketFlags" in the ldapsearch result below), so this is more less a cosmetic issue: -- snip -- [root@rhel7]# ldapsearch -h localhost -x -D "cn=Manager,dc=example,dc=com" -w "secret" -b "cn=Kerberos,dc=example,dc=com" "(cn=tktpol)" | grep -v ^\# dn: cn=tktpol,cn=EXAMPLE.COM,cn=Kerberos,dc=example,dc=com cn: tktpol objectClass: krbTicketPolicy objectClass: krbTicketPolicyAux krbMaxTicketLife: 10800 krbMaxRenewableAge: 21600 krbTicketFlags: 2 search: 2 result: 0 Success [root@rhel7]# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" modify_policy -maxtktlife 4hour -maxrenewlife 8hour +requires_preauth tktpol [root@rhel7]# ldapsearch -h localhost -x -D "cn=Manager,dc=example,dc=com" -w "secret" -b "cn=Kerberos,dc=example,dc=com" "(cn=tktpol)" | grep -v ^\# dn: cn=tktpol,cn=EXAMPLE.COM,cn=Kerberos,dc=example,dc=com cn: tktpol objectClass: krbTicketPolicy objectClass: krbTicketPolicyAux krbMaxTicketLife: 14400 krbMaxRenewableAge: 28800 krbTicketFlags: 128 search: 2 result: 0 Success [root@rhel7]# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" view_policy tktpol Ticket policy: tktpol Maximum ticket life: 715827882 days 16:00:00 Maximum renewable life: 1431655765 days 08:00:00 Ticket flags: -- snip -- Expected results: Like on x86_64 and ppc64le: -- snip -- # kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" create_policy -maxtktlife 3hour -maxrenewlife 6hour -allow_forwardable tktpol [root@rhel70 LDAP-backend]# kdb5_ldap_util -D "cn=Manager,dc=example,dc=com" -w "secret" view_policy tktpol Ticket policy: tktpol Maximum ticket life: 0 days 03:00:00 Maximum renewable life: 0 days 06:00:00 Ticket flags: DISALLOW_FORWARDABLE -- snip -- ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) rmainz@redhat.com \__\/\/__/ IPA/Kerberos5 team /O /==\ O\ (;O/ \/ \O;)