Learn more about these different git repos.
Other Git URLs
pa-getkeytab is a help process which might even get called during the startup of SSSD. Hence it should not try to use any SSSD responder especially not the NSS responder.
Typically we call helpers with the environment of the calling SSSD component where then _SSS_LOOPS environment variable is set to 'NO' to skip calls to SSSD in libnss_sss. Since we have to set the KRB5CCNAME environment variable to the ccache with the current TGT for the host principal when calling ipa-getkeytab execle() is used to call ipa_getkeytab which unfortunately replaces the environment of the caller with the one provided in the last argument of the call. To make sure ipa_getkeytab does not call back into SSSD we have to set _SSS_LOOPS=NO here as well.
Commit d409c10 fixes this issue
Metadata Update from @jhrozek: - Issue priority set to: critical (was: minor) - Issue set to the milestone: SSSD 2.2
(For sake of history) For details look https://bugzilla.redhat.com/show_bug.cgi?id=1681279 and https://pagure.io/SSSD/sssd/issue/3972
Metadata Update from @atikhonov: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1681279
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4964
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.