Learn more about these different git repos.
Other Git URLs
When krb5_ccachedir is not used in krb5_ccname_template through the %d expansion variable and krb5_ccname_template includes expansion variables like %U unexpected results are achieved.
For example, setting krb5_ccname_template to /run/user/%u/krb5cc for user 'test' leads to the creation of a directory 'test' in /run/user with permission 01777 and ownership of 1000:1000 (user test own uid and gid).
This is incorrect and can lead the unaware admin to create some directories with overly broad permissions when unintended.
Fields changed
owner: somebody => simo status: new => assigned
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.12 beta
rhbz: => 0
The patches have been acked, so moving to 1.11.2
milestone: SSSD 1.12 beta => SSSD 1.11.2
resolution: => fixed status: assigned => closed
changelog: => The Kerberos provider is no longer able to create public directories when evaluating the krb5_ccachedir option. This is a backwards-incompatible change. Creating public directories is something the system administrator should perform in order for the directories to have the correct permissions and allow the authentication daemon to create user directories as private only.
Metadata Update from @simo: - Issue assigned to simo - Issue set to the milestone: SSSD 1.11.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3113
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.