Red Hat Bugzilla – Full Text Bug Listing
|Summary:||SSSD pollutes log with error messages|
|Product:||[Fedora] Fedora||Reporter:||Eugene Indenbom <eindenbom>|
|Component:||sssd||Assignee:||Stephen Gallagher <sgallagh>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||12||CC:||jhrozek, sbose, sgallagh, ssorce|
|Fixed In Version:||sssd-1.2.0-12.fc13||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2010-06-01 14:13:15 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Eugene Indenbom 2010-03-19 13:14:25 EDT
Description of problem: When using LDAP connection with kerberos encryption SSSD pollutes system log with 2 messages every 10 minutes. The messages are as follows: Mar 18 16:54:29 node-1 sssd_be: GSSAPI Error: The referenced context has expired (Unknown error) Version-Release number of selected component (if applicable): 1.0.5 How reproducible: Steps to Reproduce: 1. Configure SSSD domain with LDAP id provider and kerberos authentication and encryption 2. Look into event log Actual results: 2 error messages every 10 minutes appeared. Expected results: No error messages are expected. Additional info: SSSD functions normally. The messages are produced by sasl_callback set predefined SASL_CB_LOG. An error happens during kerberos packet encryption after kerberos ticket is expired. The error is handled by SSSD later on, but message gets added to system log. There 2 side problems here: 1. Why ticket is acquired for only 5 minutes? 2. Why reconnect happens only after error, not in advance? It makes sense in case of kerberos encryption to acquire ticket for longer period (say 24h) and reconnect in advance before ticket expiry, avoiding error message and processing delay. The workaround for this problem is to use SSL encryption instead of kerberos.
Comment 1 Fedora Admin XMLRPC Client 2010-04-28 10:48:58 EDT
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Comment 2 Fedora Update System 2010-05-18 14:34:01 EDT
sssd-1.1.92-11.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/sssd-1.1.92-11.fc13
Comment 3 Fedora Update System 2010-05-19 15:14:58 EDT
sssd-1.1.92-11.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update sssd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/sssd-1.1.92-11.fc13
Comment 4 Fedora Update System 2010-05-27 14:28:56 EDT
sssd-1.2.0-12.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update sssd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/sssd-1.2.0-12.fc13
Comment 5 Fedora Update System 2010-06-01 14:12:57 EDT
sssd-1.2.0-12.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.