Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1429843
Description of problem: Update of sssd from 1.15.0-3 to 1.15.0-4 breaks my system (the same applies for 1.15.1). I cannot login anymore using my Kerberos password. Version-Release number of selected component (if applicable): $ rpm -q sssd sssd-1.15.0-4.fc26.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Can't login using Kerberos password. Expected results: I can use Kerberos password. Additional info: # cat /etc/sysconfig/authconfig CACHECREDENTIALS=yes FORCELEGACY=no FORCESMARTCARD=no PASSWDALGORITHM=sha512 USEECRYPTFS=no USEFPRINTD=yes USEKERBEROS=no USELDAP=no USELDAPAUTH=no USELOCAUTHORIZE=yes USEMKHOMEDIR=no USENIS=yes USEPAMACCESS=no USEPASSWDQC=no USEPWQUALITY=yes USESHADOW=yes USESMARTCARD=no USESSSD=yes USESSSDAUTH=yes USESYSNETAUTH=no USEWINBIND=no USEWINBINDAUTH=no WINBINDKRB5=no # cat /etc/nsswitch.conf # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Valid entries include: # # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far # # To use db, put the "db" in front of "files" for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: shadow: group: #hosts: db files nisplus nis dns hosts: files nis dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss netgroup: files nis sss publickey: nisplus automount: files nis sss aliases: files nisplus # cat /etc/pam.d/system-auth-ac #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so sha512 shadow nis nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so
Metadata Update from @lslebodn: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1429843
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.4
we just document the expectations
Login to comment on this ticket.
https://bugzilla.redhat.com/show_bug.cgi?id=1429843
