Bug 1762881
| Summary: | sssd-kcm breaks Kerberos authentication with remote services | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James <james> |
| Component: | sssd | Assignee: | Michal Zidek <mzidek> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 31 | CC: | abokovoy, jhrozek, lslebodn, mzidek, pbrezina, rharwood, sbose, ssorce |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-10-17 20:17:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
James
2019-10-17 18:02:55 UTC
Hi,

this sounds a bit like https://bugzilla.redhat.com/show_bug.cgi?id=1757224. Can you give the test build from comment #55 at https://koji.fedoraproject.org/koji/taskinfo?taskID=38214051 a try?

To download the packages in a single run you can use:

    curl https://koji.fedoraproject.org/koji/taskinfo?taskID=38214051 | grep -o '"https://.*\.rpm"' | xargs -n 1 curl -O

HTH

bye,
Sumit

James, what client are you using? Also see Sumit's reply if you are using standard built Fedora clients like curl, or openssh.

Using sssd-kcm from 38214051 broke Kerberos login altogether. Login functionality restored with that build by removing sssd-kcm and restarting sssd.

The clients concerned are

openssh-8.1p1-1.fc31.x86_64
firefox-69.0.3-1.fc31.x86_64

connecting to a FreeIPA service and sshds running on Fedora 30 boxes.

(In reply to James Ettle from comment #3)
> Using sssd-kcm from 38214051 broke Kerberos login altogether. Login
> functionality restored with that build by removing sssd-kcm and restarting
> sssd.
>
> The clients concerned are
>
> openssh-8.1p1-1.fc31.x86_64
> firefox-69.0.3-1.fc31.x86_64
>
> connecting to a FreeIPA service and sshds running on Fedora 30 boxes.

It works for me with

    sh$ rpm -q openssh-clients sssd-kcm
    openssh-clients-8.0p1-8.fc31.1.x86_64
    sssd-kcm-2.2.2-1.fc32.x86_64

We need more information or detailed reproducer?

    sh$ export KRB5_TRACE=/tmp/openssh_krb5_trace
    sh$ ssh -vvv user

And manually run kinit to avoid issues with BZ1757224.

And please provide output of ssh and content of /tmp/openssh_krb5_trace

I upgraded into openssh-clients-8.1p1-1 and it still works for me.

OK, apologies -- looks like I was too hasty. This time I reinstalled the packages from 38214051 and completely rebooted rather than just restarting sssd. This time login works, and now Kerberised services are working.

Thanks for the help -- I think this can probably be closed as a dup of 1757224

*** This bug has been marked as a duplicate of bug 1757224 ***