#3815 KCM: The secdb back end might fail creating a new ID with a completely empty database
Closed: Fixed 2 years ago Opened 2 years ago by jhrozek.

If the security database is completely empty and libkrb5 calls the nextid operation, it would fail, because it tries to list the keys in the database, but doesn't handle ENOENT (no keys in the database).

This is not a problem for kinit for some reason, but it is for krb5_child. Probably there is some difference in what libkrb5 calls are called from kinit versus krb5_child and because our upstream tests only test KCM with kinit, we never caught this.

At least we now have a test for a full login with https://github.com/SSSD/sssd/pull/642 so we shouldn't regress in the future.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1
- Issue tagged with: PR

2 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4809

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.