Bug 677318
Summary: | Does not read renewable ccache at startup. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Gowrishankar Rajaiyan <grajaiya> | ||||
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> | ||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.1 | CC: | benl, dpal, grajaiya, jgalipea, kbanerje, prc | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | sssd-1.5.1-10.el6 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 679097 (view as bug list) | Environment: | |||||
Last Closed: | 2011-05-19 11:38:39 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 679097 | ||||||
Attachments: |
|
This issue is being tracked by upstream bug https://fedorahosted.org/sssd/ticket/796 Checking for renewing the tgt does resume during startup, as expected. Verified: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 13.el6 Build Date: Tue 08 Mar 2011 10:25:44 PM IST Install Date: Wed 09 Mar 2011 07:17:15 PM IST Build Host: x86-005.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-13.el6.src.rpm Size : 3418301 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0560.html An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0560.html |
Created attachment 478603 [details] sssd_default.log Description of problem: Version-Release number of selected component (if applicable): sssd-1.5.1-5.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Login as puser1 -bash-4.1$ klist Ticket cache: FILE:/tmp/krb5_cache/krb5cc_puser1 Default principal: puser1 Valid starting Expires Service principal 02/14/11 15:45:51 02/14/11 15:47:51 krbtgt/EXAMPLE.COM renew until 02/14/11 15:50:51 2. and check for "[renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Mon Feb 14 15:46:51 2011]." 3. Stop KDC 4. and in the logs ... "[renew_handler] (7): Offline, adding renewal task to online callbacks." 5. Now start KDC and restart SSSD. (make sure to start both of them well within "renew until" time) Actual results: checking for renewing the tgt does not resume during startup. Expected results: Should read the renewable ccache at startup. Additional info: KDC setup: kadmin.local: getprinc krbtgt/EXAMPLE.COM Principal: krbtgt/EXAMPLE.COM Expiration date: [never] Last password change: [never] Password expiration date: [none] Maximum ticket life: 0 days 00:02:00 Maximum renewable life: 0 days 00:05:00 Last modified: Mon Feb 14 04:17:42 EST 2011 (root/admin) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 7 Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, ArcFour with HMAC/md5, no salt Key: vno 1, DES with HMAC/sha1, no salt Key: vno 1, DES cbc mode with RSA-MD5, no salt Key: vno 1, DES cbc mode with CRC-32, no salt MKey: vno 1 Attributes: Policy: [none] kadmin.local: getprinc puser1 Principal: puser1 Expiration date: [never] Last password change: Mon Feb 14 01:07:17 EST 2011 Password expiration date: [none] Maximum ticket life: 0 days 00:02:00 Maximum renewable life: 0 days 00:05:00 Last modified: Mon Feb 14 04:17:49 EST 2011 (root/admin) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 8 Key: vno 26, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 26, AES-128 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 26, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 26, ArcFour with HMAC/md5, no salt Key: vno 26, DES with HMAC/sha1, no salt Key: vno 26, DES cbc mode with RSA-MD5, no salt Key: vno 26, DES cbc mode with CRC-32, Version 4 Key: vno 26, DES cbc mode with CRC-32, AFS version 3 MKey: vno 1 Attributes: Policy: [none] Relevant SSSD section: [domain/default] id_provider = ldap ldap_uri = ldaps://sssdldap.idm.lab.bos.redhat.com:636 ldap_search_base = dc=example,dc=com ldap_tls_reqcert = demand ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc cache_credentials = false enumerate = false debug_level = 9 auth_provider = krb5 krb5_kdcip = sssdldap.idm.lab.bos.redhat.com krb5_realm = EXAMPLE.COM chpass_provider = krb5 krb5_ccachedir = /tmp/krb5_cache krb5_ccname_template = FILE:%d/krb5cc_%u krb5_renewable_lifetime = 5m krb5_lifetime = 120s krb5_renew_interval = 10s