SSSD / sssd

Clone

#410 RFE Avoid dual authentication at logon
Closed: Invalid None Opened 14 years ago by dpal.

Closed: Invalid
Reopen Issue

Description:

- 1) Disconnect a laptop from the network
- 2) Suspend it for some time so that ticket expires if any.
- 3) Plug it into the docking station while it is getting out from suspend mode
- 4) Authenticate at the screen lock screen
- 5) Desktop gets unlocked

Expected result:
Since you are online it it is expected that further authentication is not required

Actual:
The Network Authentication dialog comes up prompting for password.

Not: I automatically filled it in and only after I did it realized that this should not be the case. 

(Mon Feb 22 08:07:47 2010) [sssd[pam]] [accept_fd_handler] (4): Client connected! 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [sss_cmd_get_version] (5): Received client version [3]. 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [sss_cmd_get_version] (5): Offered version [3]. 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_cmd_authenticate] (4): entering pam_cmd_authenticate 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): command: 241 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): domain: (null) 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): user: dpal 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): service: gnome-screensaver 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): tty: :0.0 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): ruser: (null) 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): rhost: (null) 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): authtok type: 1 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): authtok size: 10 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): newauthtok type: 0 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): newauthtok size: 0 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): priv: 0 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): pw_uid: 0 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): gr_gid: 0 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [pam_print_data] (4): cli_pid: 4809 
(Mon Feb 22 08:07:47 2010) [sssd[pam]] [sss_dp_send_acct_req_create] (4): Sending request for [redhat.com][3][core][name=dpal] 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [sss_dp_get_reply] (4): Got reply (0, 0, Success) from Data Provider 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_dp_send_req] (4): Sending request with the following data: 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): command: 241 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): domain: redhat.com 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): user: dpal 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): service: gnome-screensaver 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): tty: :0.0 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): ruser: (null) 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): rhost: (null) 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): authtok type: 1 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): authtok size: 10 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): newauthtok type: 0 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): newauthtok size: 0 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): priv: 0 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): pw_uid: 12785 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): gr_gid: 12785 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_print_data] (4): cli_pid: 4809 
(Mon Feb 22 08:07:48 2010) [sssd[pam]] [pam_dom_forwarder] (4): pam_dp_send_req returned 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_dp_process_reply] (4): received: [0][redhat.com] 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_reply] (4): pam_reply get called. 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_reply] (4): pam_reply get called. 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_reply] (4): blen: 158 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_cmd_acct_mgmt] (4): entering pam_cmd_acct_mgmt 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): command: 243 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): domain: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): user: dpal 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): service: gnome-screensaver 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): tty: :0.0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): ruser: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): rhost: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): authtok type: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): authtok size: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): newauthtok type: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): newauthtok size: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): priv: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): pw_uid: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): gr_gid: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): cli_pid: 4809 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_dp_send_req] (4): Sending request with the following data: 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): command: 243 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): domain: redhat.com 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): user: dpal 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): service: gnome-screensaver 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): tty: :0.0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): ruser: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): rhost: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): authtok type: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): authtok size: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): newauthtok type: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): newauthtok size: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): priv: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): pw_uid: 12785 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): gr_gid: 12785 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): cli_pid: 4809 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_dom_forwarder] (4): pam_dp_send_req returned 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_dp_process_reply] (4): received: [0][redhat.com] 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_reply] (4): pam_reply get called. 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_reply] (4): blen: 27 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_cmd_setcred] (4): entering pam_cmd_setcred 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): command: 242 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): domain: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): user: dpal 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): service: gnome-screensaver 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): tty: :0.0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): ruser: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): rhost: (null) 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): authtok type: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): authtok size: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): newauthtok type: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): newauthtok size: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): priv: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): pw_uid: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): gr_gid: 0 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [pam_print_data] (4): cli_pid: 4809 
(Mon Feb 22 08:07:49 2010) [sssd[pam]] [sss_dp_send_acct_req_create] (4): Sending request for [redhat.com][3][core][name=dpal] 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [sss_dp_get_reply] (4): Got reply (0, 0, Success) from Data Provider 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_dp_send_req] (4): Sending request with the following data: 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): command: 242 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): domain: redhat.com 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): user: dpal 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): service: gnome-screensaver 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): tty: :0.0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): ruser: (null) 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): rhost: (null) 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): authtok type: 0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): authtok size: 0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): newauthtok type: 0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): newauthtok size: 0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): priv: 0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): pw_uid: 12785 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): gr_gid: 12785 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_print_data] (4): cli_pid: 4809 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_dom_forwarder] (4): pam_dp_send_req returned 0 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_dp_process_reply] (4): received: [0][redhat.com] 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_reply] (4): pam_reply get called. 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [pam_reply] (4): blen: 27 
(Mon Feb 22 08:07:50 2010) [sssd[pam]] [client_recv] (5): Client disconnected!

It's unclear what "Network Authentication" dialog you are referring to. Is it the krb5-auth-dialog, or is it the GNOME password manager (that would unlock WiFI keys, etc.)

I'm assuming it's the former. It sounds to me like we're changing the location of the credential cache if we auth after it has been expired, but I could have sworn we addressed exactly that case when we allowed the cache to remain between reboots.

Sumit, could you please triage this issue?

component: PAM => Kerberos Provider

Can you provide the logs of the backend, too?

 
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [acctinfo_callback] (4): Request processed. Returned 1,110,Init Groups Failed
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [ldap_id_enumerate_timer] (4): Backend is marked offline, retry later!
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4099][core][name=postfix]
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4097][core][idnumber=12785]
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4097][core][name=dpal]
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4097][core][name=dpal]
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4097][core][name=dpal]
(Mon Feb 22 08:06:14 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:06:30 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4097][core][idnumber=12785]
(Mon Feb 22 08:06:30 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:06:30 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4099][core][name=nscd]
(Mon Feb 22 08:06:30 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4099][core][name=ntp]
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Request processed. Returned 1,11,Fast reply - offline
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [be_resolve_server_done] (4): Found address for server ldap.bos.redhat.com: [10.16.255.3]
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [simple_bind_send] (4): Executing simple bind as: (null)
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [simple_bind_done] (5): Server returned no controls.
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [simple_bind_done] (3): Bind result: Success(0),
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [fo_set_port_status] (4): Marking port 389 of server 'ldap.bos.redhat.com' as 'working'
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [set_server_common_status] (4): Marking server 'ldap.bos.redhat.com' as 'working'
(Mon Feb 22 08:07:19 2010) [sssd[be[redhat.com]]] [sdap_get_initgr_user] (2): Expected one user entry and got 0
(Mon Feb 22 08:07:36 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [4099][core][name=nscd]
(Mon Feb 22 08:07:36 2010) [sssd[be[redhat.com]]] [sdap_get_initgr_user] (2): Expected one user entry and got 0
(Mon Feb 22 08:07:36 2010) [sssd[be[redhat.com]]] [acctinfo_callback] (4): Request processed. Returned 3,2,Init Groups Failed
(Mon Feb 22 08:07:47 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [3][core][name=dpal]
(Mon Feb 22 08:07:47 2010) [sssd[be[redhat.com]]] [sdap_save_group_done] (2): Failed to save group devel [5]
(Mon Feb 22 08:07:47 2010) [sssd[be[redhat.com]]] [sdap_save_groups_loop] (2): Failed to store group 0. Ignoring.
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [be_pam_handler] (4): Got request with the following data
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): command: 241
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): domain: redhat.com
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): user: dpal
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): service: gnome-screensaver
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): tty: :0.0
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): ruser:
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): rhost:
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): authtok type: 1
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): authtok size: 10
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): newauthtok type: 0
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): newauthtok size: 0
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): priv: 0
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): pw_uid: 12785
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): gr_gid: 12785
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): cli_pid: 4809
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [fo_resolve_service_send] (4): Trying to resolve service 'KRB5'
(Mon Feb 22 08:07:48 2010) [sssd[be[redhat.com]]] [be_resolve_server_done] (4): Found address for server kerberos.corp.redhat.com: [10.5.0.11]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [krb5_child_done] (4): child response [0][3][41].
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [fo_set_port_status] (4): Marking port 0 of server 'kerberos.corp.redhat.com' as 'working'
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [set_server_common_status] (4): Marking server 'kerberos.corp.redhat.com' as 'working'
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [child_sig_handler] (4): child [4813] finished successful.
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [child_sig_handler] (1): waitpid failed [10][No child processes].
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler_callback] (4): Backend returned: (0, 0, <NULL>) [Success]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler_callback] (4): Sending result [0][redhat.com]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler_callback] (4): Sent result [0][redhat.com]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler] (4): Got request with the following data
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): command: 243
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): domain: redhat.com
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): user: dpal
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): service: gnome-screensaver
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): tty: :0.0
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): ruser:
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): rhost:
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): authtok type: 0
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): authtok size: 0
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): newauthtok type: 0
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): newauthtok size: 0
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): priv: 0
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): pw_uid: 12785
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): gr_gid: 12785
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): cli_pid: 4809
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler_callback] (4): Backend returned: (0, 0, <NULL>) [Success]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler_callback] (4): Sending result [0][redhat.com]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_pam_handler_callback] (4): Sent result [0][redhat.com]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [be_get_account_info] (4): Got request for [3][core][name=dpal]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [sdap_save_group_done] (2): Failed to save group devel [5]
(Mon Feb 22 08:07:49 2010) [sssd[be[redhat.com]]] [sdap_save_groups_loop] (2): Failed to store group 0. Ignoring.
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [be_pam_handler] (4): Got request with the following data
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): command: 242
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): domain: redhat.com
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): user: dpal
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): service: gnome-screensaver
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): tty: :0.0
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): ruser:
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): rhost:
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): authtok size: 0
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): newauthtok type: 0
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): newauthtok size: 0
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): priv: 0
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): pw_uid: 12785
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): gr_gid: 12785
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [pam_print_data] (4): cli_pid: 4809
(Mon Feb 22 08:07:50 2010) [sssd[be[redhat.com]]] [be_pam_handler] (4): Sending result [0][redhat.com]

The first pop-up to unlock the screen has timed out. This is why there is activity at 8:06 and then at 8:07.

Fields changed

description: Description:

1) Disconnect a laptop from the network
2) Suspend it for some time so that ticket expires if any.
3) Plug it into the docking station while it is getting out from suspend mode
4) Authenticate at the screen lock screen
5) Desktop gets unlocked

Expected result:
Since you are online it it is expected that further authentication is not required

Actual:
The Network Authentication dialog comes up prompting for password.

Not: I automatically filled it in and only after I did it realized that this should not be the case. => Description:

  • 1) Disconnect a laptop from the network
  • 2) Suspend it for some time so that ticket expires if any.
  • 3) Plug it into the docking station while it is getting out from suspend mode
  • 4) Authenticate at the screen lock screen
  • 5) Desktop gets unlocked

Expected result:
Since you are online it it is expected that further authentication is not required

Actual:
The Network Authentication dialog comes up prompting for password.

Not: I automatically filled it in and only after I did it realized that this should not be the case.

Fields changed

description: Description:

  • 1) Disconnect a laptop from the network
  • 2) Suspend it for some time so that ticket expires if any.
  • 3) Plug it into the docking station while it is getting out from suspend mode
  • 4) Authenticate at the screen lock screen
  • 5) Desktop gets unlocked

Expected result:
Since you are online it it is expected that further authentication is not required

Actual:
The Network Authentication dialog comes up prompting for password.

Not: I automatically filled it in and only after I did it realized that this should not be the case. => Description:

  • 1) Disconnect a laptop from the network
  • 2) Suspend it for some time so that ticket expires if any.
  • 3) Plug it into the docking station while it is getting out from suspend mode
  • 4) Authenticate at the screen lock screen
  • 5) Desktop gets unlocked

Expected result:
Since you are online it it is expected that further authentication is not required

Actual:
The Network Authentication dialog comes up prompting for password.

Not: I automatically filled it in and only after I did it realized that this should not be the case.

Fields changed

milestone: NEEDS_TRIAGE => SSSD Deferred

This is not related to the SSSD. krb5-auth-dialog in RHEL5 prompts (behind the screensaver) for credential update whenever the credentials expire. It doesn't detect that authenticating at the screensaver has updated the credentials, because the dialog is already being displayed before the screensaver auth occurs.

resolution: => invalid
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD Patches welcome
7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1452

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
major
enhancement
Kerberos Provider
1.0.4
None
0
None
0
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.