0

I've got an old Dockerfile, based on Ubuntu, that installs krb5-server as a dependency via apt.

I'd like to update the Dockerfile and base it on RHEL 8 instead, but krb5-server doesn't seem to be available in yum.

I've found a few articles online (like this one that suggest that it had vulnerabilities, so I guess it got pulled from yum's catalog.

Does anyone know if there's a replacement for it, or can you just not install a Kerberos server in RHEL 8 at the moment?

U880D
  • 8,601
  • 6
  • 24
  • 40
hiiamelliott
  • 53
  • 4

1 Answers1

0

... but krb5-server doesn't seem to be available in yum.

I am not able to reproduce your observation. In an almost out-of-box installation

cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)

the command yum provides krb5-server just reports

krb5-server-1.18.2-14.el8.x86_64 : The KDC and related programs for Kerberos 5
Repo        : rhel-8-for-x86_64-baseos-rpms
Matched from:
Provide    : krb5-server = 1.18.2-14.el8

The package seems to be available from within rhel-8-for-x86_64-baseos-rpms.

... so I guess it got pulled from yum's catalog.

No, this indicates an issue somewhere else in your setup and configuration, mainly your subscription.

Furthermore, the Security Technical Implementation Guides (STIGs) you are referencing are regarding FIPS 140-2 cryptography and RHEL 8 and the packages are in Support Lifecycle and get Security Updates.

How to proceed further?

You may have a look into threads regarding subscription-manager first. In example

~$ sudo subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Current

System Purpose Status: Not Specified

~$ sudo subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux for x86_64
Product ID:     479
Version:        8.8
Arch:           x86_64
Status:         Subscribed
Status Details:
Starts:         01/01/2021
Ends:           01/01/2024

Do Further Reading

and research on it.

U880D
  • 8,601
  • 6
  • 24
  • 40
  • 1
    Thanks for your help @U880D. You've confirmed my suspicion that the docker image (ubi8 in this case) needs to be connected to a subscription manager to get that particular package. I wasn't sure how that worked in docker images (I don't usually use RHEL), but I guess I do need it after all. I'll see if I can find a way to register my builds with the server. – hiiamelliott Jun 20 '23 at 09:16