Learn more about these different git repos.
Other Git URLs
There is a logic bug in the LDAP GSSAPI auth code. When the child times out, the sdap_kinit_ tevent request does not retry another KDC.
Also, when the request result is retrieved with sdap_kinit_recv, the LDAP server is marked as down, which is wrong, the kinit request only talks to KDC and its result shouldn't change the status of the LDAP server.
 Child timeout is the only really probable way the child tevent request can end with an error. The other reasons include OOM situations, child fork/exec failing. If the child operation itself fails (i.e. the keytab is wrong), the request ends with EOK and extended error information is returned in a separate variable.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=817073 (Red Hat Enterprise Linux 5)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=817073 817073]
owner: somebody => jhrozek
status: new => assigned
patch: 0 => 1
- 163a17f (master)
- b13da92 (sssd-1-8)
component: SSSD => LDAP Provider
milestone: NEEDS_TRIAGE => SSSD 1.8.4 (LTM)
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.4 (LTM)
to comment on this ticket.