- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0245 - certmonger bug fix and enhancement update
Synopsis
certmonger bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
An updated certmonger package that fixes multiple bugs and adds one enhancement is now available for Red Hat Enterprise Linux 5.
Description
The certmonger service monitors certificates as the date at which they become invalid approaches, optionally attempting to re-enroll with a supported certificate authority (CA) to keep the services which use the certificates running without incident.
The certmonger service, which was initially introduced as a Technology Preview, is now fully-supported. (BZ#665317)
This update fixes the following bugs:
-
Prior to this update, ipa-getcert list calls from non-root users logged the misleading message ""Number of certificates and requests being tracked: 0". This update modifies the underlying code to display the correct message "Insufficient access. Please retry operation as root." when non-root users call ipa-getcert list. (BZ#712072)
-
Prior to this update, starting the certmonger service as non-root user looged the uninformative message "Error connecting to D-Bus.". This update modifies the underlying code to display the correct message "Insufficient access. Please retry operation as root." when non-root users start the certmonger service. (BZ#756745)
-
Prior to this update, the IPA web-based service was not compatibile with certmonger. As a consequence, certmonger was unable to correctly submit enrollment requests to IPA's CA. With this update, certmonger has been modified and it now operates correctly with newer versions of IPA. (BZ#757883)
This update also adds the following enhancement:
- Prior to this update, libcurl could not delegate Kerberos tickets via XML-RPC to authenticate with Identity, Policy and Audit (IPA). This update adds support for the xmlrpc-c API to allow for Generic Security Services Application Program Interface (GSSAPI) delegation. (BZ#727864)
All users of the certmonger service are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- certmonger-0.50-3.el5.src.rpm
- certmonger-0.50-3.el5.ppc.rpm
- certmonger-0.50-3.el5.i386.rpm
- certmonger-0.50-3.el5.s390x.rpm
- certmonger-0.50-3.el5.x86_64.rpm
- certmonger-0.50-3.el5.ia64.rpm
Fixes
- This content is not included.BZ - 712072
- This content is not included.BZ - 712075
- This content is not included.BZ - 727864
- This content is not included.BZ - 756745
- This content is not included.BZ - 757883
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.