#1533 Improve recreating new ccache file when the old one is not accessible any more
Closed: Fixed None Opened 9 years ago by jhrozek.

When the SSSD tries to reuse a ccache file that is not owned or readable by the current user any more, we try to just recreate a new ccache. However, this only works when the ccache template contains the random substitution (XXXXX). If not, the new ccache would have the same filename and most likely wouldn't be recreated anyway.

We should check if the ccache template would yield the same filename and if it would, warn the user in the logs that creating the new ccache might fail anyway.

See https://lists.fedorahosted.org/pipermail/sssd-devel/2012-September/011513.html for full discussion.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.1

Fields changed

rhbz: => 0

Ondra, can you take a look into this issue for me?

What needs to be done is checking the krb5_ccache template for the random component (XXXXX) and improving the debug message introduced in 5feb9be based on presence of this random component.

If it does not exist, also include a new debug message saying that the old ccache and the new ccache are the same and re-creating the ccache might fail.

Maybe instead of checking for the random component it would be enough to just compare the new and old ccache names, depends on what would be easier in the code.

owner: somebody => okos

Fields changed

patch: 0 => 1
status: new => assigned

Fields changed

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to okos
- Issue set to the milestone: SSSD 1.9.1

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2575

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata