#1096 Clock skew in krb5 auth should result in offline operation, not failure
Closed: Fixed None Opened 12 years ago by sgallagh.

Split from https://bugzilla.redhat.com/show_bug.cgi?id=756428

Right now, if the clock is skewed when performing an online auth with Kerberos, we treat it as an error and deny access to the user. For convenience purposes, it would be better to treat this as an offline trigger and then attempt cached authentication instead.

We should be certain to report the failure to PAM_TEXT_DATA and the syslog, so that users and administrators are made aware of the issue.


Fields changed

coverity: =>
description: Split from https://bugzilla.redhat.com/show_bug.cgi?id=756428

Right now, if the clock is skewed when performing an online auth with Kerberos, we treat it as an error and deny access to the user. For convenience purposes, it would be better to treat this as an offline trigger and then attempt cached authentication instead.

We should be certain to report the failure to PAM_TEXT_DATA and the syslog, so that users and administrators are made aware of the issue. => Split from https://bugzilla.redhat.com/show_bug.cgi?id=756428

Right now, if the clock is skewed when performing an online auth with Kerberos, we treat it as an error and deny access to the user. For convenience purposes, it would be better to treat this as an offline trigger and then attempt cached authentication instead.

We should be certain to report the failure to PAM_TEXT_DATA and the syslog, so that users and administrators are made aware of the issue.
milestone: NEEDS_TRIAGE => SSSD 1.9.0
patch: => 0
rhbz: =>
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

blockedby: =>
blocking: =>
milestone: SSSD 1.9.0 => SSSD Kerberos improvements

Fields changed

feature_milestone: =>
proposed_priority: => Nice to have

Per Stephen's suggestion I am bumping the priority.

proposed_priority: Nice to have => Important

Moving all the features planned for 1.10 release into 1.10 beta.

milestone: SSSD Kerberos Improvements Feature => SSSD 1.10 beta

Fields changed

priority: major => minor

Fields changed

priority: minor => major

Fields changed

selected: => Not need

Moving tickets that are not a priority for SSSD 1.10 into the next release.

milestone: SSSD 1.10 beta => SSSD 1.11 beta

Test and if done close otherwise re-triage.

changelog: =>
design: =>
design_review: => 0
fedora_test_page: =>
milestone: SSSD 1.13 beta => Interim Bucket
review: => 0

Fields changed

milestone: Interim Bucket => SSSD 1.12 beta

owner: somebody => jhrozek

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12 beta

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2138

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Log in to comment on this ticket.

Metadata