Bug 1639376
Summary: | sshd sets wrong value for KRB5CCNAME, code is in Redhat patch | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | hedrick |
Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 7.5 | CC: | a.korsunsky, jhrozek, nmavrogi, o.freyermuth |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-02-11 15:41:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
hedrick
2018-10-15 15:17:02 UTC
sorry, code for sssd is not entirely in krb5_ccache.c. Unfortunately it's not in any one place, so it can't just be copied into sshd. Thank you for taking the time to enter a bug report with us. We appreciate the feedback and look to use reports such as this to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit: https://www.redhat.com/support/process/production/#howto Morover, some of you already described is already handled in the bugs #1566494 (private) and #1278017 as well as in the upstream bug [1] so any feedback or improvements to the proposed code would be very appreciated. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2775 This is not a request for support. I'm perfectly capable of fixing this for our own systems. This is a report of a problem with the behavior of the software. I'd actually prefer for it to be handled upstream. You're proposed some patches, but I checked in the upstream source and I don't see anything. Hence my question in the upstream bugzilla about the status of this issue. I'll try to apply the patch and see if it fixes things, if the patch is still live. Actually it's not clear to me just what code to check. There are two patches upstream, and you seem to be referring to two Redhat patches, one private. What code would you like me to check? This is indeed a support request to get a bug fixed, which we do for our customers. But I appreciate your willingness to contribute back. Unfortunately, the OpenSSH upstream is not very willing to fix bugs or improve certain parts of the code they are not very familiar with or not matching their OpenBSD use cases. It looks like you already figured out how to check and test the code so thank you for your comments. I will try to have a look into them to address them. This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable. |