Learn more about these different git repos.
Other Git URLs
sssd configured with IPA as backend. When two (or more) concurrent ssh logins happen for same account, krb5_child removes ccache file created by another process.
It used to work in CentOS 6.6 (sssd-1.11.6-30.el6.x86_64) but stopped working with CentOS 6.7 (sssd-1.12.4-47.el6.x86_64). It still doesn't work with CentOS 6.10 or 7.7.
How to reproduce: 1) issue two ssh logins at the same time, e.g. from a split terminal which enters keys in two windows 2) enter password and hit enter 3) two sessions are opened, one session has proper ccache, the other doesn't
Good session after login:
$ klist Ticket cache: FILE:/tmp/krb5cc_790600003_d0kWvL Default principal: u1@A.B.C Valid starting Expires Service principal 10/02/19 22:53:59 10/03/19 22:53:58 krbtgt/A.B.C@A.B.C
Bad session after login:
$ klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_790600003_9p4noH)
The ccache got removed from filesystem.
Hi,
can you add debug_level=9 to the [domain\....] section of sssd.conf, restart SSSD, run the login test again and attach the SSSD logs to the ticket?
debug_level=9
[domain\....]
There is a serialization of the login attempts of the same user and SSSD saves the name of the credential cache to prevent this issue. The logs should tell why the first one is not used anymore.
bye, Sumit
No activity in this ticket -> candidate to close
Metadata Update from @thalman: - Issue tagged with: Canditate to close
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/5056
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.