Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1429843
Description of problem: Update of sssd from 1.15.0-3 to 1.15.0-4 breaks my system (the same applies for 1.15.1). I cannot login anymore using my Kerberos password. Version-Release number of selected component (if applicable): $ rpm -q sssd sssd-1.15.0-4.fc26.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Can't login using Kerberos password. Expected results: I can use Kerberos password. Additional info: # cat /etc/sysconfig/authconfig CACHECREDENTIALS=yes FORCELEGACY=no FORCESMARTCARD=no PASSWDALGORITHM=sha512 USEECRYPTFS=no USEFPRINTD=yes USEKERBEROS=no USELDAP=no USELDAPAUTH=no USELOCAUTHORIZE=yes USEMKHOMEDIR=no USENIS=yes USEPAMACCESS=no USEPASSWDQC=no USEPWQUALITY=yes USESHADOW=yes USESMARTCARD=no USESSSD=yes USESSSDAUTH=yes USESYSNETAUTH=no USEWINBIND=no USEWINBINDAUTH=no WINBINDKRB5=no # cat /etc/nsswitch.conf # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Valid entries include: # # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far # # To use db, put the "db" in front of "files" for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: shadow: group: #hosts: db files nisplus nis dns hosts: files nis dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss netgroup: files nis sss publickey: nisplus automount: files nis sss aliases: files nisplus # cat /etc/pam.d/system-auth-ac #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so sha512 shadow nis nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so
Metadata Update from @lslebodn: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1429843
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.4
we just document the expectations
Metadata Update from @jhrozek: - Issue priority set to: minor - Issue tagged with: docs
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.15.4)
Metadata Update from @jhrozek: - Issue tagged with: postpone-to-1-16-2
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2 (was: SSSD 1.16.1)
Metadata Update from @jhrozek: - Issue untagged with: postpone-to-1-16-2
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.3 (was: SSSD 1.16.2)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.4 (was: SSSD 1.16.3)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.2 (was: SSSD 1.16.4)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)
Metadata Update from @thalman: - Issue tagged with: bugzilla
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4372
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.