Bug 2076965

Summary: Race condition in krb5_set_password() [fedora-all]
Product: [Fedora] Fedora Reporter: Julien Rische <jrische>
Component: krb5Assignee: Julien Rische <jrische>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: abobrov, abokovoy, antorres, atikhono, dpal, fdvorak, ftrivino, grajaiya, ipa-qe, jhrozek, j, lslebodn, mzidek, npmccallum, pbrezina, sbose, ssorce, tscherf
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: krb5-1.19.2-11.fc36 krb5-1.19.2-8.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2063163 Environment:
Last Closed: 2022-06-20 00:39:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2063163, 2077563    
Bug Blocks:    

Description Julien Rische 2022-04-20 10:36:27 UTC 
+++ This bug was initially created as a clone of Bug #2063163 +++

Description of problem:

This is to track https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 upstream ticket and possible solutions to it in the context of sssd.

The customer is experiencing https://access.redhat.com/solutions/3380341 on a regular basis. This occurs after the machine account needs to be renewed (every 30 days), but not every time, which is likely due to race condition described in the ticket above.

--- Additional comment from Alexey Tikhonov on 2022-03-11 12:22:31 UTC ---

Hi,

wouldn't 'adcli' component (executed under the hood by SSSD for this operation) be more suitable?

--- Additional comment from Alexey Tikhonov on 2022-03-11 12:24:14 UTC ---

(In reply to Alexey Tikhonov from comment #3)
> Hi,
> 
> wouldn't 'adcli' component (executed under the hood by SSSD for this
> operation) be more suitable?

Perhaps "not" if proposed work-around is "retry by SSSD".
Comment 2 Fedora Update System 2022-06-16 06:30:55 UTC 
FEDORA-2022-f277d02a73 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-f277d02a73
Comment 3 Fedora Update System 2022-06-16 10:18:52 UTC 
FEDORA-2022-0346da878d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-0346da878d
Comment 4 Fedora Update System 2022-06-17 01:49:06 UTC 
FEDORA-2022-0346da878d has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-0346da878d`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-0346da878d

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2022-06-17 02:01:50 UTC 
FEDORA-2022-f277d02a73 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-f277d02a73`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-f277d02a73

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2022-06-20 00:39:54 UTC 
FEDORA-2022-f277d02a73 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 Fedora Update System 2022-07-02 01:19:46 UTC 
FEDORA-2022-0346da878d has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.