Learn more about these different git repos.
Other Git URLs
Attempting to log in would lead to an inevitable timeout of the krb5_child. It took me a while to figure out why, but here goes:
I've tracked the error down to the message "Cannot handle password prompts.", and using that information, and the knowledge it used to work previously, I was able to figure out the bug was introduced by commit 78027fe. Commenting the ifdef out in password_or_responder in src/providers/krb5/krb5_child.c, to always take the discard_const branch, fixes the issue for me. Additionally, it seems like the failure in the krb5_child should lead to a signalled failure, rather than sssd_be timing the child out.
I've tried this on 1.14.1 on arch linux, but since the file hasn't changed since 1.14.0, and I have been seeing it for a while makes me fairly confident it is present starting from 1.14.0 until now.
attachment sssd.conf
attachment krb5.conf
I think you hit an issue discussed already in https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/D3C2DDA7EDIEPZLSWXE53TFY4GGAICRN/
Please check if pre-authentication is disabled for the principal. As you can see in the email thread you can either enable pre-authentication (which is always recommended) or apply the fix for http://krbdev.mit.edu/rt/Ticket/Display.html?id=8454 to your client.
cc: => sbose
You hit the nail on the head, turns out that when I enabled pre-authentication, I neglected to do so for existing principals, which, naturally, included mine. I would suggest adding this to the error message, but I noticed the linked MIT kerberos issue has already been fixed, and fixes have been released.
Since the ticket was resolved, I'm closing this issue as not a bug.
resolution: => invalid status: new => closed
Metadata Update from @bartbes: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4258
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.