Both in the client and in the server the getkeytab control implementation uses an incorrect sequence number for the service principal name tag.
Given errors already exist in the same code and the fact that clients can safely fallback to the old setkeytab for common operations, this mistake should be fixed in newer clients/servers.
Possible workaround to be compatible with both wrong and correct clients 0001-Workaround-to-support-incorrect-clients.patch
Simo is working on this one, AFAIK.
We would like to push for this as a blocker for Fedora 21.
This one does not meet blocker criteria but we'll push for freeze exception.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1165674 (Fedora)
changes also related to #4718
master:
ipa-4-1:
ipa-4-0:
Metadata Update from @simo: - Issue assigned to simo - Issue set to the milestone: FreeIPA 4.0.6
Login to comment on this ticket.