I can't log in (SSO) via kerberos to popular sites like lists.fedoraproject.org, discussion.fedoraproject.org, pagure.io, etc. I have run kinit and klist shows tickets that haven't yet expired.
I'm using Firefox in a flatpak, but @kevin verified he is also not able to log in.
Soon, please :)
More info: I'm on Fedora 33, everything was working recently. I did just do a system update, though.
In the system update I do see:
    Upgrade   krb5-libs-1.18.2-29.fc33.x86_64 @updates
    Upgraded  krb5-libs-1.18.2-22.fc33.x86_64 @@System
    Upgrade   krb5-workstation-1.18.2-29.fc33.x86_64 @updates
    Upgraded  krb5-workstation-1.18.2-22.fc33.x86_64 @@System
On another system that still has krb5-libs-1.18.2-22.fc33.x86_64 I also see the problem so I don't think it's related to the update.
I'll also note that I can log in to other non-Fedora resources with a kerberos ticket from that organization, so it seems like this is Fedora specific and server specific.
The cause for this was that the keytab name in the secret had been updated, but the secret did not get redeployed (the openshift/keytab role just checks if the secret exists, and then doesn't check further). After updating the name of the keytab in the configmap, this started working again.
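An added example, not part of the original ticket and not the Fedora infrastructure role's code: a drift check that compares the deployed secret with the desired one, and with the key name the consumer configuration references, instead of only testing that the secret exists. The secret name, key names and values below are constructed placeholders.

```python
import hashlib


def exists_only_check(deployed, name):
    """Models the check described in the ticket: passes if the secret exists at all."""
    return name in deployed


def secret_digest(data):
    """Digest over sorted key names and values, length-prefixed so binary keytabs are unambiguous."""
    h = hashlib.sha256()
    for key in sorted(data):
        for part in (key.encode(), data[key]):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
    return h.hexdigest()


def drift_report(deployed, name, desired_data, referenced_key):
    """Return a list of problems; an empty list means the deployment has converged."""
    current = deployed.get(name)
    if current is None:
        return ["secret %s is missing" % name]
    problems = []
    if secret_digest(current) != secret_digest(desired_data):
        problems.append("secret %s differs from desired state, redeploy needed" % name)
    if referenced_key not in current:
        problems.append("consumer references key %r, deployed secret has %s"
                        % (referenced_key, sorted(current)))
    return problems


# Constructed sample state: the desired secret was renamed internally,
# but the cluster still holds the old copy under the same secret name.
SECRET_NAME = "app-keytab"                         # hypothetical
DEPLOYED = {SECRET_NAME: {"http.keytab": b"old-keytab-bytes"}}
DESIRED = {"service.keytab": b"new-keytab-bytes"}
REFERENCED_KEY = "service.keytab"                  # what the consumer config points at

if __name__ == "__main__":
    print("exists-only check passes:", exists_only_check(DEPLOYED, SECRET_NAME))
    for problem in drift_report(DEPLOYED, SECRET_NAME, DESIRED, REFERENCED_KEY):
        print("drift:", problem)
```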
Metadata Update from @puiterwijk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @puiterwijk: - Issue assigned to puiterwijk