Back to bug 1683295
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2019-02-26 14:31:22 UTC | Pool ID | 0 | 176 |
| Jakub Jelen | 2019-03-01 10:50:28 UTC | Status | NEW | ASSIGNED |
| Target Release | 8.0 | 8.1 | ||
| Doc Text | Cause: Bug in the code and in the test let this issue with this use case slip through to the release. Consequence: The kerberos credentials are not cleaned up with GSSAPIDelegateCredentials and GSSAPICleanupCredentials options set, while having default_ccache_name configured in the krb5.conf Workaround (if any): Using KerberosUniqueCCName can be used as a workaround to make sure the credentials will be cleaned up on disconnect, with a side effect that the kerberos credential caches will be stored per-session. Result: | |||
| Doc Type | If docs needed, set a value | Known Issue | ||
| Jakub Jelen | 2019-03-04 12:35:15 UTC | Summary | Kerberos cleanup procedures should not be called as a root to be compatible with KCM | Kerberos cleanup procedures do not work with GSSAPIDelegateCredentials and default ccache from krb5.conf |
| Jakub Jelen | 2019-03-04 15:15:35 UTC | CC | szidek | |
| Jakub Jelen | 2019-03-14 10:34:59 UTC | Keywords | Triaged | |
| Priority | unspecified | medium | ||
| Stef Walter | 2019-03-15 20:56:24 UTC | Depends On | 1682500 | |
| Stanislav Zidek | 2019-03-22 14:57:21 UTC | Flags | needinfo?(jjelen) | |
| Jakub Jelen | 2019-03-25 10:36:07 UTC | Flags | needinfo?(jjelen) | |
| Jakub Jelen | 2019-05-24 11:12:04 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | openssh-8.0p1-1.el8 | |||
| errata-xmlrpc | 2019-05-29 13:43:42 UTC | Status | MODIFIED | ON_QA |
| Lucie Vařáková | 2019-06-13 10:28:12 UTC | CC | lmanasko | |
| Docs Contact | mjahoda | |||
| Anderson Sasaki | 2019-06-26 16:40:16 UTC | CC | ansasaki | |
| QA Contact | qe-baseos-security | ansasaki | ||
| Lucie Vařáková | 2019-07-10 10:25:24 UTC | Flags | needinfo?(jjelen) | |
| Jakub Jelen | 2019-07-10 11:06:40 UTC | Doc Text | Cause: Bug in the code and in the test let this issue with this use case slip through to the release. Consequence: The kerberos credentials are not cleaned up with GSSAPIDelegateCredentials and GSSAPICleanupCredentials options set, while having default_ccache_name configured in the krb5.conf Workaround (if any): Using KerberosUniqueCCName can be used as a workaround to make sure the credentials will be cleaned up on disconnect, with a side effect that the kerberos credential caches will be stored per-session. Result: | Cause: Bug in the code and in the test let this issue with this use case slip through to the release. Consequence: The kerberos credentials are not cleaned up with GSSAPIDelegateCredentials and GSSAPICleanupCredentials options set, while having default_ccache_name configured in the krb5.conf Fix: The source code was updated to properly cleanup credential caches in the described use cases. Result: The credential cache is cleaned up on exit if configured. |
| Doc Type | Known Issue | Bug Fix | ||
| Flags | needinfo?(jjelen) | |||
| Ondrej Moriš | 2019-07-30 12:40:49 UTC | Status | ON_QA | VERIFIED |
| CC | omoris | |||
| Lucie Vařáková | 2019-08-19 13:53:47 UTC | Docs Contact | mjahoda | ajamaiya |
| Abhimanyu Jamaiyar | 2019-09-06 13:20:12 UTC | Doc Text | Cause: Bug in the code and in the test let this issue with this use case slip through to the release. Consequence: The kerberos credentials are not cleaned up with GSSAPIDelegateCredentials and GSSAPICleanupCredentials options set, while having default_ccache_name configured in the krb5.conf Fix: The source code was updated to properly cleanup credential caches in the described use cases. Result: The credential cache is cleaned up on exit if configured. | .Kerberos cleanup procedures are now compatible with `GSSAPIDelegateCredentials` and default cache from `krb5.conf` Previously, when the `default_ccache_name` option was configured in the `krb5.conf` file, the kerberos credentials were not cleaned up with the `GSSAPIDelegateCredentials` and `GSSAPICleanupCredentials` options set. This bug is now fixed by updating the source code to clean up credential caches in the described use cases. After the configuration, the credential cache gets cleaned up on exit if the user configures it. |
| Flags | needinfo?(jjelen) | |||
| Jakub Jelen | 2019-09-10 09:55:42 UTC | Flags | needinfo?(jjelen) | |
| errata-xmlrpc | 2019-11-05 00:58:53 UTC | Status | VERIFIED | RELEASE_PENDING |
| Pasi Karkkainen | 2019-11-05 20:33:39 UTC | CC | pasik | |
| errata-xmlrpc | 2019-11-05 22:41:32 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-11-05 22:41:32 UTC | |||
| errata-xmlrpc | 2019-11-05 22:42:00 UTC | Link ID | Red Hat Product Errata RHSA-2019:3702 | |
| Red Hat One Jira (issues.redhat.com) | 2020-11-14 13:37:47 UTC | Link ID | Red Hat Issue Tracker - Private RHELPLAN-14508 |
Back to bug 1683295