#1822 krbcc dir creation issue with MIT krb5 1.11
Closed: Fixed None Opened 6 years ago by simo.

With version 1.11 libkrb5 can attempt to create the ccache dir on its own.
This actually happens at authentication and apparently happens before we call become_user().
This results in a ccache dir with permissions 0600 and owned by root and makes all following operations fail as the krb5_child process set uids away to the user credentials.
Authentication thus fails too.

Fields changed

owner: somebody => pbrezina
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5

Fields changed

rhbz: => 0

Fields changed

milestone: SSSD 1.9.5 => NEEDS_TRIAGE
review: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
resolution: => worksforme
status: assigned => closed

Sorry, have to re-open this.
It worked after downgrading to krb5 1.10, but then when I tested again I just realized I have failed to upgrade back to 1.11
Now I upgraded to 1.11 and sssd fails again :-(

resolution: worksforme =>
status: closed => reopened

Lukas was able to reproduce the bug in a VM.

owner: pbrezina => lslebodn
status: reopened => new

Fields changed

patch: 0 => 1
status: new => assigned

Moving the ticket to 1.9.5, I think we should fix the bug in sssd-1-9 as well.

milestone: SSSD 1.10 beta => SSSD 1.9.5

resolution: => fixed
status: assigned => closed

Metadata Update from @simo:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.9.5

2 years ago

Login to comment on this ticket.