freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

#2980 Automount fails for IPA user when kerberos ticket is expired, ssh hangs

Created 5 years ago by dpal
Modified a year ago

https://bugzilla.redhat.com/show_bug.cgi?id=846109 (Red Hat Enterprise Linux 6)

Description of problem:
Once an IPA users' kerberos ticket expires, the expired credential is left in
/tmp, and causes the users' home directory to fail to automount on next login
(via ssh in this case). This also causes ssh to hang up during the connection.

Version-Release number of selected component (if applicable):
autofs-5.0.5-54.el6.x86_64
ipa-client-2.2.0-16.el6.x86_64
ipa-python-2.2.0-16.el6.x86_64
libipa_hbac-1.8.0-32.el6.x86_64
libipa_hbac-python-1.8.0-32.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch

How reproducible:
Always, in the customers environment.

Steps to Reproduce:
1. Setup automounts for home directories via IPA webui
2. Login with one of the IPA users
3. Allow home directory to mount
4. Logout
5. Wait for kerberos ticket to expire
6. Attempt to log back in with the same user

Actual results:
Automount fails to mount, ssh hangs

Expected results:
Automount should mount, ssh should not hang

Additional info:
Attaching strace of a successful and unsuccessful test.

Moved to autofs for investigation. Closing as not an IPA issue. Will reopen if it comes back as in fact an IPA problem.

Moving closed RC1 tickets to Beta 3.

a year ago

Metadata Update from @dpal:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 3.0 Beta 3

Login to comment on this ticket.

defect

IPA

0

https://bugzilla.redhat.com/show_bug.cgi?id=846109

cancel