Learn more about these different git repos.
Other Git URLs
sssd configured with IPA as backend. When two (or more) concurrent ssh logins happen for same account, krb5_child removes ccache file created by another process.
It used to work in CentOS 6.6 (sssd-1.11.6-30.el6.x86_64) but stopped working with CentOS 6.7 (sssd-1.12.4-47.el6.x86_64). It still doesn't work with CentOS 6.10 or 7.7.
How to reproduce:
1) issue two ssh logins at the same time, e.g. from a split terminal which enters keys in two windows
2) enter password and hit enter
3) two sessions are opened, one session has proper ccache, the other doesn't
Good session after login:
Ticket cache: FILE:/tmp/krb5cc_790600003_d0kWvL
Default principal: u1@A.B.C
Valid starting Expires Service principal
10/02/19 22:53:59 10/03/19 22:53:58 krbtgt/A.B.C@A.B.C
Bad session after login:
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_790600003_9p4noH)
The ccache got removed from filesystem.
can you add debug_level=9 to the [domain\....] section of sssd.conf, restart SSSD, run the login test again and attach the SSSD logs to the ticket?
There is a serialization of the login attempts of the same user and SSSD saves the name of the credential cache to prevent this issue. The logs should tell why the first one is not used anymore.
to comment on this ticket.