#2526 User is unable to authenticate if the option krb5_fast_principal is NULL
Closed: Fixed None Opened 4 years ago by lslebodn.

Problematic configuration:

[sssd]
config_file_version = 2
sbus_timeout = 30
services = nss, pam
domains = LDAP-KRB5

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/LDAP-KRB5]
debug_level=0xFFF0
id_provider = ldap
ldap_uri = ldap://ibm-x3650m4-01-vm-13.example.com
ldap_search_base = dc=example,dc=com
auth_provider = krb5
krb5_server = ibm-x3650m4-01-vm-13.lab.example.com
krb5_realm = EXAMPLE.COM
krb5_use_fast = demand
krb5_fast_principal =

Retrieving identities works well but user is not able to authenticate

[root@dell-per310-01 sssd]# id user_fast
uid=6549654(user_fast) gid=6549654 groups=6549654

[root@dell-per310-01 sssd]# grep -E "(0x00[1-9]0)" krb5_child.log 
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): 1687: [-1765328243][Matching credential not found]
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): 1687: [-1765328243][Matching credential not found]
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [k5c_setup_fast] (0x0020): check_fast_ccache failed.
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [k5c_setup_fast] (0x0020): 1954: [1432158213][Unknown code UUz 5]
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [privileged_krb5_setup] (0x0040): Cannot set up FAST
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [main] (0x0020): privileged_krb5_setup failed.

This regression is caused by recent patches in sssd master.
It works well with 1.11.7


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Fields changed

owner: somebody => lslebodn
status: new => assigned

Fields changed

patch: 0 => 1

master: a183e27

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.12.3

2 years ago

Login to comment on this ticket.

Metadata