Bug 2077563

Summary: Race condition in krb5_set_password() [rhel-8.7]
Product: Red Hat Enterprise Linux 8 Reporter: Julien Rische <jrische>
Component: krb5Assignee: Julien Rische <jrische>
Status: CLOSED ERRATA QA Contact: Filip Dvorak <fdvorak>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.7CC: abobrov, atikhono, fdvorak, grajaiya, ipa-qe, jhrozek, jrische, lslebodn, mjurasek, mzidek, pamadio, pbrezina, sbose, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: krb5-1.18.2-20.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2063163 Environment:
web.engineering.redhat.com/brew/index
Last Closed: 2022-11-08 10:45:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2063163    
Bug Blocks: 2076965    

Description Julien Rische 2022-04-21 15:12:38 UTC 
+++ This bug was initially created as a clone of Bug #2063163 +++

Description of problem:

This is to track https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 upstream ticket and possible solutions to it in the context of sssd.

The customer is experiencing https://access.redhat.com/solutions/3380341 on a regular basis. This occurs after the machine account needs to be renewed (every 30 days), but not every time, which is likely due to race condition described in the ticket above.

--- Additional comment from Alexey Tikhonov on 2022-03-11 12:22:31 UTC ---

Hi,

wouldn't 'adcli' component (executed under the hood by SSSD for this operation) be more suitable?

--- Additional comment from Alexey Tikhonov on 2022-03-11 12:24:14 UTC ---

(In reply to Alexey Tikhonov from comment #3)
> Hi,
> 
> wouldn't 'adcli' component (executed under the hood by SSSD for this
> operation) be more suitable?

Perhaps "not" if proposed work-around is "retry by SSSD".
Comment 9 errata-xmlrpc 2022-11-08 10:45:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (krb5 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7696