Bug 599027

Summary: Makefile typo causes SSSD not to use the kernel keyring
Product: Red Hat Enterprise Linux 6 Reporter: Stephen Gallagher <sgallagh>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED CURRENTRELEASE QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: benl, dpal, grajaiya, jgalipea, jhrozek, sbose, sgallagh, snagar, ssorce
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.2.0-13.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 599026 Environment:
Last Closed: 2010-11-10 21:39:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 599026    
Bug Blocks: 579775    

Description Stephen Gallagher 2010-06-02 14:38:27 UTC 
+++ This bug was initially created as a clone of Bug #599026 +++

Description of problem:
There is a typo in the Makefile for SSSD. Using KEYUITLS_LIB instead of KEYUTILS_LIB results in the SSSD using its own internal storage instead of the slightly more secure kernel keyring.


Version-Release number of selected component (if applicable):
sssd-1.2.0-12.fc13

How reproducible:
Every time

Steps to Reproduce:
1. Compile the SSSD
2. Run the sssd with krb5_store_password_if_offline
  
Actual results:
The kernel keyring is not used, and internal storage is used instead.

Expected results:
The kernel keyring is used.

Additional info:
N/A
Comment 2 Jenny Severance 2010-08-17 14:18:49 UTC 
Can you please add steps to verify?  How to make sure the kernel keyring is used vs. internal storage. Thanks!
Comment 3 Sumit Bose 2010-08-17 14:33:09 UTC 
You can check /proc/keys . If a key for delayed authentication is stored you should see an entry with the user name in the description column.
Comment 4 Gowrishankar Rajaiyan 2010-08-20 06:45:35 UTC 
[root@rhel6snap11 ~]# cat /proc/keys 
107ddc77 I--Q--     6 perm 1f3f0000     0    -1 keyring   _uid.0: empty
10fdbfc8 I--Q--     1 perm 1f3f0000     0     0 keyring   _tid: 1/4
1cc03fd9 I--Q--     5 perm 1f3f0000     0     0 keyring   _ses: 1/4
25a28a63 I--Q--     5 perm 1f3f0000     0     0 keyring   _ses: 1/4
28f7beea I--Q--     1 perm 1f3f0000     0    -1 keyring   _uid_ses.0: 1/4
2d80dabe I--Q--     3 perm 1f3f0000     0     0 keyring   _ses: empty
2e418e65 I--Q--     3 perm 1f3f0000     0     0 keyring   _ses: 1/4
3b1fd6d5 I--Q--     1 perm 3b3f0000     0     0 user      sssd: 8          <<<<
3bbc0cce I--Q--    17 perm 1f3f0000     0     0 keyring   _ses: 1/4

Verified. Version: sssd-1.2.1-26.el6.x86_64.
Comment 5 releng-rhel@redhat.com 2010-11-10 21:39:49 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.