SSSD / sssd

Clone

a183e27 krb5_child: Initialize REALM earlier

1 file Authored by lslebodn 9 years ago, Committed by sbose 9 years ago,
raw patch tree parent
1 file changed. 6 lines added. 6 lines removed.
src/providers/krb5/krb5_child.c
file modified
+6 -6 
    krb5_child: Initialize REALM earlier
    
    Environment variable SSSD_KRB5_REALM was used to late for initialisation
    realm. and therefore default value NULL was used.
    The SSSD_KRB5_REALM (kr->realm) was used as fast_principal_realm for checking
    fast cache: privileged_krb5_setup -> k5c_setup_fast -> check_fast_ccache
    And therefore wrong principal was used when the option krb5_fast_principal is
    empty.
    
    [find_principal_in_keytab] (0x4000): Trying to find principal (null)@(null) in keytab.
    [match_principal] (0x1000): Principal matched to the sample ((null)@(null)).
    [get_tgt_times] (0x1000): FAST ccache must be recreated
    [get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
    [get_tgt_times] (0x0020): 1688: [-1765328243][Matching credential not found]
    [check_fast_ccache] (0x0040): Valid FAST TGT not found after attempting to renew it
    [k5c_setup_fast] (0x0020): check_fast_ccache failed.
    [k5c_setup_fast] (0x0020): 1956: [1432158213][Unknown code UUz 5]
    [privileged_krb5_setup] (0x0040): Cannot set up FAST
    [main] (0x0020): privileged_krb5_setup failed.
    [main] (0x0020): krb5_child failed!
    
    As a result of this user was not able to authenticate.
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2526
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
file modified
+6 -6
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.