SSSD / sssd

Clone

b927dc7 ipa: ipa_getkeytab don't call libnss_sss

1 file Authored by sbose 5 years ago, Committed by jhrozek 5 years ago,
raw patch tree parent
1 file changed. 1 lines added. 1 lines removed.
src/providers/ipa/ipa_subdomains_server.c
file modified
+1 -1 
    ipa: ipa_getkeytab don't call libnss_sss
    
    Resolves: https://pagure.io/SSSD/sssd/issue/3992
    
    ipa-getkeytab is a help process which might even get called during
    the startup of SSSD. Hence it should not try to use any SSSD responder
    especially not the NSS responder.
    
    Typically we call helpers with the environment of the calling SSSD
    component where then _SSS_LOOPS environment variable is set to 'NO' to
    skip calls to SSSD in libnss_sss. Since we have to set the KRB5CCNAME
    environment variable to the ccache with the current TGT for the host
    principal when calling ipa-getkeytab execle() is used to call
    ipa_getkeytab which unfortunately replaces the environment of the caller
    with the one provided in the last argument of the call. To make sure
    ipa_getkeytab does not call back into SSSD we have to set _SSS_LOOPS=NO
    here as well.
    
    Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    (cherry picked from commit d409c10d00101734d1af0c9e0256e607ee8b09c7)
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.