#9500 SSO via kerberos not working
Closed: Fixed 3 years ago by puiterwijk. Opened 3 years ago by dustymabe.

Describe what you would like us to do:


I can't log in (SSO) via kerberos to popular sites like lists.fedoraproject.org, discussion.fedoraproject.org, pagure.io, etc. I have run kinit and klist shows tickets that haven't yet expired.

I'm using Firefox in a flatpak, but @kevin verified he is also not able to log in.

When do you need this to be done by? (YYYY/MM/DD)


Soon, please :)


More info: I'm on Fedora 33, everything was working recently. I did just do a system update, though.

In the system update I do see:

    Upgrade  krb5-libs-1.18.2-29.fc33.x86_64                                @updates
    Upgraded krb5-libs-1.18.2-22.fc33.x86_64                                @@System
    Upgrade  krb5-workstation-1.18.2-29.fc33.x86_64                         @updates
    Upgraded krb5-workstation-1.18.2-22.fc33.x86_64                         @@System

On another system that still has krb5-libs-1.18.2-22.fc33.x86_64 I also see the problem so I don't think it's related to the update.

I'll also note that I can log in to other non-Fedora resources with a kerberos ticket from that organization, so it seems like this is Fedora specific and server specific.

The cause for this was that the keytab name in the secret had been updated, but the secret did not get redeployed (the openshift/keytab role just checks if the secret exists, and then doesn't check further).
After updating the name of the keytab in the configmap, this started working again.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk

3 years ago
