Issue #1526: SSSD does not auto renew kerberos credentials when auth_provider is 'ipa' - sssd

SSSD / sssd

#1526 SSSD does not auto renew kerberos credentials when auth_provider is 'ipa'

Closed: Fixed None Opened 11 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=857108 (Red Hat Enterprise Linux 6)

Description of problem: SSSD does not auto renew kerberos credentials if
auth_provider is set to 'ipa', it works if I set auth_provier=krb5.

Version-Release number of selected component :sssd-1.8.0-32

How reproducible: Always

Steps to Reproduce:
1. Configure ipa client using ipa-client-install
2. Add options to auto renew the tickets
3. login as ipa user and check whether credentials get auto renewed or not.

Actual results: ipa user credentials are not renewed automatically.


Expected results: ipa user credentials get renewed automatically


Additional info:

* I verified the authentication is done by pam_sssd & the TGT is renewable
(user can do a kinit -R and renew it manually).

Configuration used :

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = gsslab.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, vm213.gsslab.pnq.redhat.com
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 10
krb5_lifetime = 120s
krb5_renewable_lifetime = 150m
krb5_renew_interval = 10s

-----------

sssd logs:

[sssd[be[gsslab.pnq.redhat.com]]] [krb5_child_done] (0x1000): Adding
[FILE:/tmp/krb5cc_1195600006_1ZpsNs] for automatic renewal.
[sssd[be[gsslab.pnq.redhat.com]]] [add_tgt_to_renew_table] (0x1000): Renew
context not initialized, automatic renewal not available.

----------

It works if I set 'auth_provider = krb5' and other details (krb5 realm and
server address).

jhrozek commented 11 years ago

This was fixed in 3441d0c upstream.

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
testsupdated: => 0

dpal commented 11 years ago

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
resolution: => fixed
status: new => closed

Metadata Update from @dpal:
- Issue set to the milestone: SSSD 1.9.0

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2568

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.9.0

type

defect

component

SSSD

version

None

selected

None

testsupdated

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=857108

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#1526 SSSD does not auto renew kerberos credentials when auth_provider is 'ipa' Closed: Fixed None Opened 11 years ago by dpal.

Metadata

#1526 SSSD does not auto renew kerberos credentials when auth_provider is 'ipa'

Closed: Fixed None Opened 11 years ago by dpal.