#1269 sssd: Uses the wrong key for GSSAPI when there a multiple realms in a single keytab.
Closed: Fixed None Opened 7 years ago by sgallagh.

https://bugzilla.redhat.com/show_bug.cgi?id=805281 (Red Hat Enterprise Linux 6)

Description of problem:

When there are multiple realms in a keytab, sssd uses the first key available
to authenticate not looking at the key's realm. What sssd should do is
look for the first available key that has a valid realm to do the

Version-Release number of selected component (if applicable):


How reproducible:
On the client generate a keytab will multiple realms with
the valid realm defined last:

klist -k
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 nfs/rhel6.boston.devel.redhat.com@DEVEL.REDHAT.COM
   1 host/rhel6.boston.devel.redhat.com@BOSTON.DEVEL.REDHAT.COM

Steps to Reproduce:
1. Log into the client

Actual results:

Expected results:

Additional info:

Fields changed

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
milestone: NEEDS_TRIAGE => SSSD 1.8.2 (LTM)
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

Fixed by:
- fcbaf4c (master)
- 1927496 (sssd-1-8)

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.2 (LTM)

2 years ago

Login to comment on this ticket.