-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kadmin.local: unable to get default realm #1562
Comments
pyllyukko
added a commit
to pyllyukko/lynis
that referenced
this issue
Dec 18, 2024
kadmin.local binary might exist, even though Kerberos is not configured and /etc/krb5.conf does not exist.
Try #1562. Apparently it prints the line only once? |
See https://bugzilla.redhat.com/show_bug.cgi?id=2332730 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
On Fedora 40 the new (312) version of lynis outputs the message,
This occurs during the Kerberos section but is not affected by "2>&1" redirection,
so goes to the "terminal" or preceding/calling process output (eg. in my case cron).
I assume it's coming directly from the kadmin.local binary so there probably needs
to be a test of krb config before this is called & not called at all under conditions
where krb is not used.
However I'm sure there could be circumstances where a bad actor might hide a krb
config & potentially use it for secure channels/auth.
Version
Expected behavior
The (error?) message should be appropriately directed, & able to be redirected, when
kadmin.local is being called from within lynis.
In my case where there is no krb config it should probably not occur.
ie. an attempt to get the "default realm" will fail & so probably should not even be
attempted.
Output
kadmin.local: unable to get default realm
Additional context
Followed the 312 version install on FC40 after the "grep usage" messages were fixed.
The text was updated successfully, but these errors were encountered: