Bug 20801

Summary: Plugin 'gssapi' init function returned error
Product: Mageia Reporter: Bit Twister <bittwister2>
Component: RPM PackagesAssignee: AL13N <alien>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: Normal CC: marja11
Version: CauldronKeywords: 6sta2
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mariadb-10.1.22-2.mga6.src.rpm CVE:
Status comment:

Description Bit Twister 2017-05-07 23:46:41 CEST 
Description of problem:

$ journalctl --no-hostname -u mysqld | grep ERROR
mysqld[1061]: 2017-05-07 16:15:10 139697080510528 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_cred failed -Unspecified GSS failure.  Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty.
 mysqld[1061]: 2017-05-07 16:15:10 139697080510528 [ERROR] Plugin 'gssapi' init function returned error.

Maybe adding an entry to /etc/gssproxy/gssproxy.conf is a solution.
For some background information see bug 20301.
 

Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. clean install Mageia-6-sta2-x86_64-DVD.iso + updates, reboot
2. journalctl -b | grep -i error

Error suppression workaround:
Prevent plugin loading in /etc/my.cnf.d/auth_gssapi.cnf

# dif /var/local/vorig/etc/my.cnf.d/auth_gssapi.cnf_vinstall /etc/my.cnf.d/auth_gssapi.cnf
2c2,3
< plugin-load-add=auth_gssapi.so
---
> # changed by /local/bin/auth_gssapi_changes Thu 02 Mar 22:07 2017
> # plugin-load-add=auth_gssapi.so
Bit Twister 2017-05-07 23:46:56 CEST

Keywords: (none) => 6sta2

Comment 1 Marja Van Waes 2017-05-09 22:41:09 CEST 
Assigning to the registered mariadb maintainer.

CC: (none) => marja11
Assignee: bugsquad => alien

Comment 2 David Walser 2017-05-14 02:41:27 CEST 
The package can't do magic.  It's your responsibility to provide the krb5.keytab file as appropriate for your site-specific configuration.  If your Kerberos server is Active Directory, you can use samba to create it by joining the domain.  For other setups, there are other methods for creating it.  Choose the one that's appropriate for your setup.

Resolution: (none) => INVALID
Status: NEW => RESOLVED