#2888 SRV lookups with id_provider=proxy and auth_provider=krb5
Closed: Fixed None Opened 4 years ago by bergolth.

krb5 srv discovery doesn't work when using auth_provider=krb5 and id_provider=proxy. If I don't
specify a krb5_server, sssd complains about:

(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0040): No SRV lookup plugin is set
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [be_resolve_server_done] (0x1000): Server resolution failed: 14
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [be_mark_offline] (0x2000): Going offline!

Config and log are attached.


I haven't done any tests myself, but after reading the code, it looks like we should call be_fo_set_dns_srv_lookup_plugin() also in krb5 provider initialization.

btw how to set up a similar sssd.conf can be read here: https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-calling-kinit-with-sssds-help/

I think Petr could fix this easily in 1.14 :-)

Fields changed

owner: somebody => pcech

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1

How To Reproduce

I configured SSSD client to the FreeIPA by [1].

Important part of SSSD configuration:

[domain/ceti.dev]
id_provider = proxy
auth_provider = krb5
krb5_server = _srv_          # if alfa.ceti.dev it works
krb5_kpasswd = alfa.ceti.dev
krb5_realm = CETI.DEV

The bug occurs if you try to log on with a Kerberos password.

[1] http://blog.oddbit.com/2015/07/16/mapping-local-users-to-kerberos-principals-with-sssd/
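
An added example, not part of the ticket or of SSSD's code: a Python check that flags domain sections using the combination reported here (id_provider = proxy, auth_provider = krb5, krb5_server unset or `_srv_`) and scans backend debug log lines for the failure sequence quoted in the report. The sample config and log are constructed from values on this page; the function names are hypothetical.

```python
import configparser
import re

# Constructed samples, built from the config and log lines quoted in this ticket.
SAMPLE_CONF = """\
[domain/ceti.dev]
id_provider = proxy
auth_provider = krb5
krb5_server = _srv_
krb5_kpasswd = alfa.ceti.dev
krb5_realm = CETI.DEV
"""
SAMPLE_LOG = """\
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0040): No SRV lookup plugin is set
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [be_resolve_server_done] (0x1000): Server resolution failed: 14
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [be_mark_offline] (0x2000): Going offline!
"""
LOG_RE = re.compile(r"\[sssd\[be\[(?P<dom>[^\]]+)\]\]\] \[(?P<fn>\w+)\] \(0x[0-9a-f]+\): (?P<msg>.*)")


def affected_domains(conf_text):
    """Return domains with proxy id + krb5 auth that depend on SRV discovery."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    hits = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        servers = [s.strip() for s in sec.get("krb5_server", fallback="").split(",") if s.strip()]
        uses_srv = not servers or "_srv_" in servers  # unset also triggers the lookup, per the report
        if sec.get("id_provider") == "proxy" and sec.get("auth_provider") == "krb5" and uses_srv:
            hits.append(name.split("/", 1)[1])
    return hits


def offline_after_missing_srv_plugin(log_text):
    """Return backends that logged the missing-plugin error and then went offline."""
    missing, offline = set(), []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        if m["fn"] == "resolve_srv_send" and "No SRV lookup plugin is set" in m["msg"]:
            missing.add(m["dom"])
        elif m["fn"] == "be_mark_offline" and m["dom"] in missing and m["dom"] not in offline:
            offline.append(m["dom"])
    return offline
```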

Our downstream needs this patch to be included sooner, moving to 1.13.4

milestone: SSSD 1.14 alpha => SSSD 1.13.4

resolution: => fixed
status: assigned => closed

Metadata Update from @bergolth:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.13.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3929

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
