https://bugzilla.redhat.com/show_bug.cgi?id=880546 (Red Hat Enterprise Linux 6)
Description of problem:
krb5_kpasswd failover doesn't work

Version-Release number of selected component (if applicable):
sssd-1.9.2-25.el6

How reproducible:
Always

Steps to Reproduce:
1. domain section of sssd.conf includes:

    auth_provider = krb5
    krb5_server = kdc.example.com:12345,kdc.example.com:88
    krb5_kpasswd = kdc.example.com:12345,kdc.example.com:464

2. Try to login and change the user's password

    # ssh -l puser1 localhost
    puser1@localhost's password:
    Last login: Tue Nov 27 14:46:43 2012 from localhost
    -sh-4.1$ passwd
    Changing password for user puser1.
    Current Password:
    New password:
    Retype new password:
    passwd: Authentication token manipulation error
    -sh-4.1$

Actual results:
Password change fails as sssd is unable to failover.

/var/log/secure shows:

    Nov 27 14:51:56 dhcp201-200 passwd: pam_sss(passwd:chauthtok): system info: [Cannot contact any KDC for requested realm]
    Nov 27 14:51:56 dhcp201-200 passwd: pam_sss(passwd:chauthtok): Password change failed for user puser1: 22 (Authentication token lock busy)

/var/log/sssd/sssd_domain.log shows:

    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [parse_krb5_child_response] (0x1000): child response [22][1][43].
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_fo_set_port_status] (0x0040): The server (nil) is not valid anymore, cannot set its status
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KPASSWD'
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [get_server_status] (0x1000): Status of server 'kdc.example.com' is 'name resolved'
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 10 seconds
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [get_server_status] (0x1000): Status of server 'kdc.example.com' is 'name resolved'
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_resolve_server_process] (0x0040): The fail over cycled through all available servers
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_resolve_server_done] (0x1000): Server resolution failed: 2
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [check_wait_queue] (0x1000): Wait queue for user [puser1] is empty.
    (Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 22, <NULL>) [Success]

Expected results:
krb5_kpasswd failover should work.

Additional info:
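Log triage for the failure reported above, added here as an example (it is not SSSD project code and not part of the original report): it parses backend debug lines in the format of the sssd_domain.log excerpt and reports each "fail over cycled through all available servers" event together with the service that was being resolved. The function name and finding fields are assumptions of this example; the sample lines are copied from the ticket's log excerpt.

```python
import re
from datetime import datetime

# SSSD backend debug line: (timestamp) [sssd[be[DOMAIN]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>[^\]]+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
RESOLVE_RE = re.compile(r"Trying to resolve service '([^']+)'")
EXHAUSTED = "The fail over cycled through all available servers"

# Sample input: lines copied from the ticket's sssd_domain.log excerpt.
SAMPLE_LOG = """\
(Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_fo_set_port_status] (0x0040): The server (nil) is not valid anymore, cannot set its status
(Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KPASSWD'
(Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_resolve_server_process] (0x0040): The fail over cycled through all available servers
(Tue Nov 27 14:51:56 2012) [sssd[be[LDAP-KRB5]]] [be_resolve_server_done] (0x1000): Server resolution failed: 2
"""

def find_failover_exhaustion(text):
    """Return one finding per 'cycled through all available servers' event,
    attributed to the service most recently resolved in the same domain."""
    current = {}   # domain -> service last named by fo_resolve_service_send
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a backend debug line in the expected format
        domain, msg = m["domain"], m["msg"]
        svc = RESOLVE_RE.search(msg)
        if svc:
            current[domain] = svc.group(1)
        elif EXHAUSTED in msg:
            findings.append({
                "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                "domain": domain,
                "service": current.get(domain, "unknown"),
            })
    return findings

if __name__ == "__main__":
    for f in find_failover_exhaustion(SAMPLE_LOG):
        print(f"{f['time'].isoformat()} domain={f['domain']} "
              f"service={f['service']} failover exhausted")
```
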
Fields changed
blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => mzidek
testsupdated: => 0

milestone: NEEDS_TRIAGE => SSSD 1.9.4

owner: mzidek => pbrezina
status: new => assigned

patch: 0 => 1

resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: https://github.com/SSSD/sssd/issues/2722
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.