sssd

  1. Bug #1039151
  2. Activity log

Activity log for bug #1039151

Date Who What changed Old value New value Message
2012-08-20 17:59:36 musicalvegan0 bug added bug
2012-08-20 18:04:02 musicalvegan0 description Ubuntu 12.04.1 sssd 1.8.2-0ubuntu1 Arch i386 When SSSD is configured for krb5 auth and a user successfully logs in, the following ticket is generated in /tmp/krb5cc_UID_XXXXXX: klist -c /tmp/krb5cc_UID_XXXXXX Default principal: USER@DOMAIN.LOCAL Valid starting Expires Service principal 31/12/1969 19:00 31/12/1969 19:00 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL The expected outcome is receive a Kerberos ticket with a valid starting and stopping date. After some experimentation, the issue may be related to the credential cache as deleting the bad ticket, deleting the SSSD cache, and restarting the sssd service seems to produce a valid ticket: service sssd stop rm /tmp/krb5cc_UID_XXXXXX rm -rf /var/lib/sss/db/* service sssd start <user log in successful> klist -c /tmp/krb5cc_UID_XXXXXX Default principal: USER@DOMAIN.LOCAL Valid starting Expires Service principal 20/08/2012 13:49 20/08/2012 23:49 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 20/08/2012 23:49 Specifying krb5_* options in sssd.conf seems to have no effect on the outcome of the ticket. Obviously, this bug creates problems for applications and services that require a valid Kerberos ticket such as Kerberized NFS mounts. Ubuntu 12.04.1 sssd 1.8.2-0ubuntu1 Arch i386 When SSSD is configured for krb5 auth and a user successfully logs in, the following ticket is generated in /tmp/krb5cc_UID_XXXXXX: klist -c /tmp/krb5cc_UID_XXXXXX Default principal: USER@DOMAIN.LOCAL Valid starting Expires Service principal 31/12/1969 19:00 31/12/1969 19:00 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL The expected outcome is receive a Kerberos ticket with a valid starting and stopping date. After some experimentation, the issue may be related to the credential cache as deleting the bad ticket, deleting the SSSD cache, and restarting the sssd service seems to produce a valid ticket: service sssd stop rm /tmp/krb5cc_UID_XXXXXX rm -rf /var/lib/sss/db/* service sssd start <user log in successful> klist -c /tmp/krb5cc_UID_XXXXXX Default principal: USER@DOMAIN.LOCAL Valid starting Expires Service principal 20/08/2012 13:49 20/08/2012 23:49 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL  renew until 20/08/2012 23:49 Specifying krb5_* options in sssd.conf seems to have no effect on the outcome of the ticket. Obviously, this bug creates problems for applications and services that require a valid Kerberos ticket such as Kerberized NFS mounts.
2012-08-20 23:04:52 Stephen Gallagher bug watch added https://fedorahosted.org/sssd/ticket/1493
2012-08-21 05:42:31 Timo Aaltonen sssd (Ubuntu): importance Undecided Medium
2012-08-21 05:42:31 Timo Aaltonen sssd (Ubuntu): status New Triaged
2012-10-30 23:37:59 Timo Aaltonen bug task added sssd
2012-10-31 20:06:18 Bug Watch Updater sssd: status Unknown New
2015-01-20 22:30:39 Markus Jonskog bug added subscriber Markus Jonskog
2015-09-04 15:58:49 Sasa Paporovic tags krb5 krb5 precise