#2526 User is unable to authenticate if the option krb5_fast_principal is NULL
Closed: Fixed None Opened 5 years ago by lslebodn.

Problematic configuration:

[sssd]
config_file_version = 2
sbus_timeout = 30
services = nss, pam
domains = LDAP-KRB5

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/LDAP-KRB5]
debug_level=0xFFF0
id_provider = ldap
ldap_uri = ldap://ibm-x3650m4-01-vm-13.example.com
ldap_search_base = dc=example,dc=com
auth_provider = krb5
krb5_server = ibm-x3650m4-01-vm-13.lab.example.com
krb5_realm = EXAMPLE.COM
krb5_use_fast = demand
krb5_fast_principal =

Retrieving identities works well, but the user is not able to authenticate.

[root@dell-per310-01 sssd]# id user_fast
uid=6549654(user_fast) gid=6549654 groups=6549654

[root@dell-per310-01 sssd]# grep -E "(0x00[1-9]0)" krb5_child.log 
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): 1687: [-1765328243][Matching credential not found]
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [get_tgt_times] (0x0020): 1687: [-1765328243][Matching credential not found]
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [k5c_setup_fast] (0x0020): check_fast_ccache failed.
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [k5c_setup_fast] (0x0020): 1954: [1432158213][Unknown code UUz 5]
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [privileged_krb5_setup] (0x0040): Cannot set up FAST
(Wed Dec 10 18:19:01 2014) [[sssd[krb5_child[6434]]]] [main] (0x0020): privileged_krb5_setup failed.

This regression is caused by recent patches in sssd master.
It works well with 1.11.7.
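
A pre-deployment check for the configuration reported above, as an added example that is not part of the original ticket and is not SSSD code: it flags domain sections that enable FAST while krb5_fast_principal is present with an empty value. The function name and the sample text are hypothetical; treating krb5_use_fast = try the same way as demand is an assumption of this example, since the ticket only shows demand.

```python
import configparser

# Constructed sample: trimmed from the configuration quoted in the ticket,
# plus a second constructed domain that leaves the option out entirely.
SAMPLE_CONF = """\
[sssd]
config_file_version = 2
domains = LDAP-KRB5, OTHER

[domain/LDAP-KRB5]
id_provider = ldap
auth_provider = krb5
krb5_realm = EXAMPLE.COM
krb5_use_fast = demand
krb5_fast_principal =

[domain/OTHER]
id_provider = ldap
auth_provider = krb5
krb5_realm = EXAMPLE.COM
krb5_use_fast = demand
"""

# krb5_use_fast values that turn FAST on ("try" included by assumption).
FAST_MODES = {"try", "demand"}


def find_empty_fast_principal(conf_text):
    """Return (section, krb5_use_fast) for each domain that enables FAST
    while krb5_fast_principal is present but has an empty value."""
    # interpolation=None so a literal '%' in a value is not treated specially.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        opts = parser[section]
        mode = opts.get("krb5_use_fast", "").strip().lower()
        if mode not in FAST_MODES:
            continue
        # Only "key =" with nothing after it is flagged, as in the ticket;
        # a domain that omits the key altogether is not reported.
        if "krb5_fast_principal" in opts and not opts["krb5_fast_principal"].strip():
            findings.append((section, mode))
    return findings


if __name__ == "__main__":
    for section, mode in find_empty_fast_principal(SAMPLE_CONF):
        print(f"{section}: krb5_use_fast={mode} with empty krb5_fast_principal")
```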


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Fields changed

owner: somebody => lslebodn
status: new => assigned

Fields changed

patch: 0 => 1

master: a183e27

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.12.3

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/3568

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
