#2888 SRV lookups with id_provider=proxy and auth_provider=krb5
Closed: Fixed None Opened 3 years ago by bergolth.

krb5 srv discovery doesn't work when using auth_provider=krb5 and id_provider=proxy. If I don't
specify a krb5_server, sssd complains about:

(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [resolve_srv_send] (0x0040): No SRV lookup plugin is set
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [be_resolve_server_done] (0x1000): Server resolution failed: 14
(Tue Dec  1 18:34:54 2015) [sssd[be[WU]]] [be_mark_offline] (0x2000): Going offline!

Config and log are attached.


I haven't done any tests myself, but after reading the code, it looks like we should call be_fo_set_dns_srv_lookup_plugin() also in krb5 provider initialization.

btw how to set up a similar sssd.conf can be read here: https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-calling-kinit-with-sssds-help/

I think Petr could fix this easily in 1.14 :-)

Fields changed

owner: somebody => pcech

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1

How To Reproduce

I configured the SSSD client for FreeIPA following [1].

Important part of SSSD configuration:

[domain/ceti.dev]
id_provider = proxy
auth_provider = krb5
krb5_server = _srv_          # if alfa.ceti.dev it works
krb5_kpasswd = alfa.ceti.dev
krb5_realm = CETI.DEV

The bug occurs if you try to log on with a Kerberos password.

[1] http://blog.oddbit.com/2015/07/16/mapping-local-users-to-kerberos-principals-with-sssd/
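
A configuration check for the combination described in this ticket, added here as an example (not SSSD code and not written by the ticket's participants): it scans sssd.conf text for domains with id_provider = proxy and auth_provider = krb5 whose krb5_server is unset or lists _srv_. The function name, the sample domains other than ceti.dev, and the treatment of krb5_server as a comma-separated list are assumptions.

```python
import configparser

# Constructed sample sssd.conf text; only ceti.dev mirrors the ticket.
SAMPLE_CONF = """
[domain/ceti.dev]
id_provider = proxy
auth_provider = krb5
krb5_server = _srv_   # if alfa.ceti.dev it works
krb5_realm = CETI.DEV

[domain/pinned.example]
id_provider = proxy
auth_provider = krb5
krb5_server = kdc.pinned.example

[domain/unset.example]
id_provider = proxy
auth_provider = krb5

[domain/ldap.example]
id_provider = ldap
auth_provider = krb5
krb5_server = _srv_
"""


def affected_domains(conf_text):
    """Return {domain: reason} for domains that rely on krb5 SRV discovery
    while id_provider=proxy, the combination reported in this ticket."""
    # Tolerate trailing "# ..." notes like the one in the ticket's snippet.
    cp = configparser.ConfigParser(interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.read_string(conf_text)
    hits = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        pair = (opts.get("id_provider", "").lower(),
                opts.get("auth_provider", "").lower())
        if pair != ("proxy", "krb5"):
            continue  # outside the reported combination
        # Assumption: krb5_server is a comma-separated server list.
        servers = [s.strip() for s in opts.get("krb5_server", "").split(",")]
        servers = [s for s in servers if s]
        name = section[len("domain/"):]
        if not servers:
            hits[name] = "krb5_server unset"
        elif "_srv_" in servers:
            hits[name] = "krb5_server uses _srv_"
    return hits
```

On hosts running a release older than the fixed milestone, a reported domain can be kept online by pinning krb5_server to an explicit host, which the ticket notes works.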


Our downstream needs this patch to be included sooner, moving to 1.13.4

milestone: SSSD 1.14 alpha => SSSD 1.13.4

resolution: => fixed
status: assigned => closed

Metadata Update from @bergolth:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.13.4

2 years ago
