#1822 krbcc dir creation issue with MIT krb5 1.11
Closed: Fixed None Opened 8 years ago by simo.

With version 1.11 libkrb5 can attempt to create the ccache dir on its own.
This actually happens at authentication and apparently happens before we call become_user().
This results in a ccache dir with permissions 0600 and owned by root and makes all following operations fail as the krb5_child process set uids away to the user credentials.
Authentication thus fails too.


Fields changed

owner: somebody => pbrezina
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.5

Fields changed

rhbz: => 0

Fields changed

milestone: SSSD 1.9.5 => NEEDS_TRIAGE
review: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
resolution: => worksforme
status: assigned => closed

Sorry, have to re-open this.
It worked after downgrading to krb5 1.10, but then when I tested again I just realized I have failed to upgrade back to 1.11
Now I upgraded to 1.11 and sssd fails again :-(

resolution: worksforme =>
status: closed => reopened

Lukas was able to reproduce the bug in a VM.

owner: pbrezina => lslebodn
status: reopened => new

Fields changed

patch: 0 => 1
status: new => assigned

Moving the ticket to 1.9.5, I think we should fix the bug in sssd-1-9 as well.

milestone: SSSD 1.10 beta => SSSD 1.9.5

resolution: => fixed
status: assigned => closed

Metadata Update from @simo:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.9.5

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2864

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata