Bug 678112

Summary: krb5_renew_interval should accept only numeric values and no s/m/d suffix.
Product: Red Hat Enterprise Linux 7
Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: sssd
Assignee: SSSD Maintainers <sssd-maint>
Status: CLOSED UPSTREAM
QA Contact: Ben Levenson <benl>
Severity: low
Docs Contact:
Priority: low
Version: 7.0
CC: dpal, grajaiya, jgalipea, jhrozek, kbanerje, prc, rmainz
Target Milestone: pre-dev-freeze
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-05-22 12:00:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Bug Depends On:
Bug Blocks: 756082

Description Gowrishankar Rajaiyan 2011-02-16 18:51:54 UTC
Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-5.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure SSSD for LDAP identity and Kerberos authentication. Refer to "Additional info" for the relevant domain section of sssd.conf.
2. Change the krb5_renew_interval value to "10s".
3. Restart SSSD.
4. Login as a user and observe the sssd domain logs.
  
Actual results:

krb5_renew_interval accepts "s" as its suffix and checks for renewing the tgt.

sssd_default.log:
(Thu Feb 17 00:10:40 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:10:40 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:10:42 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:10:42 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:10:42 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:10:51 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:10:51 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:10:52 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:10:52 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:10:52 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:11:01 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:11:01 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:11:02 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:11:02 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:11:02 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:11:12 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:11:12 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:11:12 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:11:12 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:11:12 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:11:22 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:11:22 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:11:22 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:11:22 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:11:22 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:11:32 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:11:32 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:11:32 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:11:32 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:11:32 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 9AB850
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [renew_all_tgts] (9): Checking [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:11:35 2011].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [renew_handler] (7): Adding new renew timer.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0xa70330

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x9bf150

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x9bf150 "ltdb_timeout"

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0xa70330 "ltdb_callback"

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_get_simple_upn] (9): Using simple UPN [puser1].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [check_if_ccache_file_is_used] (9): User [1001] is still active, reusing ccache file [/tmp/krb5_cache/krb5cc_puser1].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [check_for_valid_tgt] (7): TGT end time [1297881753].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [check_for_valid_tgt] (3): TGT is valid.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_auth_send] (9): Ccache_file is [FILE:/tmp/krb5_cache/krb5cc_puser1] and is  active and TGT is  valid.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [fo_resolve_service_send] (4): Trying to resolve service 'KERBEROS'
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [get_server_status] (7): Status of server 'sssdldap.idm.lab.bos.redhat.com' is 'working'
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [get_port_status] (7): Port status of port 88 for server 'sssdldap.idm.lab.bos.redhat.com' is 'working'
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [get_server_status] (7): Status of server 'sssdldap.idm.lab.bos.redhat.com' is 'working'
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [be_resolve_server_done] (4): Found address for server sssdldap.idm.lab.bos.redhat.com: [10.16.78.18]
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [child_handler_setup] (8): Setting up signal handler up for pid [21785]
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [child_handler_setup] (8): Signal handler set up for pid [21785]
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [write_pipe_handler] (6): All data has been sent!
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [become_user] (9): Trying to become user [1001][1001].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [read_pipe_handler] (6): EOF received, client finished
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_child_done] (9): child response [0][3][46].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_child_done] (9): child response [0][-1073741823][32].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_child_done] (7): TGT times are [1297881638][1297881707][1297881822][1297881938].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [fo_set_port_status] (4): Marking port 88 of server 'sssdldap.idm.lab.bos.redhat.com' as 'working'
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [set_server_common_status] (4): Marking server 'sssdldap.idm.lab.bos.redhat.com' as 'working'
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [safe_remove_old_ccache_file] (7): New and old ccache file are the same, no one will be deleted.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_save_ccname] (9): Save ccname [FILE:/tmp/krb5_cache/krb5cc_puser1] for user [puser1].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 0)
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 1)
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x9caef0

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x9cb010

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x9cb010 "ltdb_timeout"

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x9caef0 "ltdb_callback"

(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 1)
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 0)
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [krb5_child_done] (7): Adding [FILE:/tmp/krb5_cache/krb5cc_puser1] for automatic renewal.
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [add_tgt_to_renew_table] (7): Added [FILE:/tmp/krb5_cache/krb5cc_puser1] for renewal at [Thu Feb 17 00:12:44 2011].
(Thu Feb 17 00:11:42 2011) [sssd[be[default]]] [renew_tgt_done] (4): Successfully renewed TGT for user [puser1].


Expected results:

From sssd-krb5(5):
       krb5_renew_interval (integer)
           The time in seconds between two checks if the TGT should be
           renewed. TGTs are renewed if about half of their lifetime is
           exceeded.

           If this option is not set or 0 the automatic renewal is
           disabled.

           Default: not set

- krb5_renew_interval should accept only numeric values and no s/m/d suffix.
- Having an invalid value for this option should result in the default behaviour.


Additional info:
[domain/default]
krb5_lifetime = 120
ldap_tls_reqcert = demand
ldap_id_use_start_tls = False
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=example,dc=com
debug_level = 9
id_provider = ldap
auth_provider = krb5
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc
chpass_provider = krb5
ldap_uri = ldaps://sssdldap.idm.lab.bos.redhat.com:636
krb5_renew_interval = 10
enumerate = False
krb5_kdcip = sssdldap.idm.lab.bos.redhat.com:88
cache_credentials = False
krb5_renewable_lifetime = 150m
krb5_ccname_template = FILE:%d/krb5cc_%u
ldap_tls_cacertdir = /etc/openldap/cacerts
krb5_ccachedir = /tmp/krb5_cache
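
One way to implement the expected behaviour described in this report, as an added example that is not SSSD's own code: a digits-only parser that rejects any suffix and falls back to the documented default of 0, which disables automatic renewal. The helper names `parse_seconds_strict` and `renew_interval_from_conf`, the `INT_MAX` upper bound and the sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define RENEW_INTERVAL_DEFAULT 0L  /* "not set or 0": automatic renewal disabled */

/* Hypothetical helper: parse a whole-seconds value made of decimal digits only.
 * Returns 0 and stores the result in *out, or -1 if the string is invalid. */
static int parse_seconds_strict(const char *value, long *out)
{
    char *end = NULL;
    long n;

    /* strtol() would skip leading blanks and accept a sign; reject both. */
    if (value == NULL || !isdigit((unsigned char)value[0]))
        return -1;

    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE || n > INT_MAX)
        return -1;              /* overflow, e.g. "99999999999999999999" */
    if (*end != '\0')
        return -1;              /* trailing suffix or junk, e.g. "10s", "5m" */

    *out = n;
    return 0;
}

/* Hypothetical wrapper: an invalid value yields the default behaviour. */
static long renew_interval_from_conf(const char *value)
{
    long secs;

    if (parse_seconds_strict(value, &secs) != 0) {
        fprintf(stderr, "krb5_renew_interval: invalid value [%s], "
                        "using default\n", value ? value : "(null)");
        return RENEW_INTERVAL_DEFAULT;
    }
    return secs;
}

int main(void)
{
    /* Constructed sample values, including the "10s" from the report. */
    const char *samples[] = { "10", "10s", "5m", "1d", "", "-10", " 10", "0" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("[%s] -> %ld\n", samples[i], renew_interval_from_conf(samples[i]));
    return 0;
}
```

Logging the rejected value matters operationally: a silently ignored interval leaves ticket renewal disabled, which an administrator would otherwise notice only when TGTs expire.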

Comment 3 Stephen Gallagher 2011-09-30 13:06:09 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/133