Bug 1781539
| Summary: | PKINIT with KCM does not work | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | amitkuma |
| Component: | sssd | Assignee: | Sumit Bose <sbose> |
| Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.8 | CC: | aheverle, atikhono, grajaiya, jhrozek, lslebodn, mzidek, orion, pbrezina, sbose, sgoveas, spoore, sssd-maint, thalman, tscherf |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | sssd-1.16.5-2.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1658813 | Environment: | |
| Last Closed: | 2020-09-29 19:49:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1658813 | ||
| Bug Blocks: | |||
|
Comment 8
Alexey Tikhonov
2020-04-21 08:24:54 UTC
* `sssd-1-16`
* a61b80d7f10bbdfaa10fde1f868c9fb4b7abe62f - krb5_child: fix permissions during SC auth
Verified.
Version ::
sssd-1.16.5-10.el7.x86_64
sssd-kcm-1.16.5-10.el7.x86_64
Results ::
[root@rhel7-4 ~]# vim /etc/krb5.conf
[root@rhel7-4 ~]# grep ccache /etc/krb5.conf
#default_ccache_name = KEYRING:persistent:%{uid}
default_ccache_name = KCM:
[root@rhel7-4 ~]# systemctl start sssd-kcm.socket
[root@rhel7-4 ~]# systemctl enable sssd-kcm.socket
[root@rhel7-4 ~]# systemctl start sssd-secrets.socket
[root@rhel7-4 ~]# systemctl enable sssd-secrets.socket
Created symlink from /etc/systemd/system/sockets.target.wants/sssd-secrets.socket to /usr/lib/systemd/system/sssd-secrets.socket.
[root@rhel7-4 ~]# vim /etc/sssd/sssd.conf
[root@rhel7-4 ~]# tail -3 /etc/sssd/sssd.conf
[kcm]
debug_level = 9
[root@rhel7-4 ~]# systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/*; systemctl start sssd
[root@rhel7-4 ~]# ls -l /var/run/.heim_org.h5l.kcm-socket
srw-rw-rw-. 1 root root 0 Jun 11 13:40 /var/run/.heim_org.h5l.kcm-socket
[root@rhel7-4 ~]# su - singleuser1 -c "kdestroy -A"
[root@rhel7-4 ~]# su - singleuser1 -c "su - singleuser1 -c klist"
PIN for sctest (MyEID)
Ticket cache: KCM:603200076:79526
Default principal: singleuser1
Valid starting Expires Service principal
06/11/2020 13:44:44 06/12/2020 13:44:37 krbtgt/EXAMPLE.COM
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3904 |