Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=857108 (Red Hat Enterprise Linux 6)
Description of problem: SSSD does not auto renew kerberos credentials if
auth_provider is set to 'ipa', it works if I set auth_provier=krb5.
Version-Release number of selected component :sssd-1.8.0-32
How reproducible: Always
Steps to Reproduce:
1. Configure ipa client using ipa-client-install
2. Add options to auto renew the tickets
3. login as ipa user and check whether credentials get auto renewed or not.
Actual results: ipa user credentials are not renewed automatically.
Expected results: ipa user credentials get renewed automatically
* I verified the authentication is done by pam_sssd & the TGT is renewable
(user can do a kinit -R and renew it manually).
Configuration used :
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = gsslab.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, vm213.gsslab.pnq.redhat.com
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 10
krb5_lifetime = 120s
krb5_renewable_lifetime = 150m
krb5_renew_interval = 10s
[sssd[be[gsslab.pnq.redhat.com]]] [krb5_child_done] (0x1000): Adding
[FILE:/tmp/krb5cc_1195600006_1ZpsNs] for automatic renewal.
[sssd[be[gsslab.pnq.redhat.com]]] [add_tgt_to_renew_table] (0x1000): Renew
context not initialized, automatic renewal not available.
It works if I set 'auth_provider = krb5' and other details (krb5 realm and
This was fixed in 3441d0c upstream.
testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.9.0
resolution: => fixed
status: new => closed
Metadata Update from @dpal:
- Issue set to the milestone: SSSD 1.9.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.