Bug 724911

Summary: [RFE] Support change in uid and gid number for the same user.
Product: Red Hat Enterprise Linux 7 Reporter: Kaushik Banerjee <kbanerje>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED DEFERRED QA Contact: Ben Levenson <benl>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: dpal, grajaiya, jgalipea, jhrozek, mkosek, prc
Target Milestone: pre-dev-freezeKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-24 11:21:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 756082    

Description Kaushik Banerjee 2011-07-22 09:48:41 UTC 
This bug is a split from bug 711416 to track the second issue.


RHEL6.2-20110512.n.0_nfs-Server-x86_64
Used by: Shanks

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user shanks.
Current Password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
Connection to localhost closed.


Actual results:
During the change password operation the ccache is not replaced by a new one if
the old one isn't active anymore.

[root@bumblebee ~]# ldb3search -H
/var/lib/sss/db/cache_lab.eng.pnq.redhat.com.ldb -b
name=shanks,cn=users,cn=lab.eng.pnq.redhat.com,cn=sysdb uidNumber gidNumber
ccacheFile
# record 1
dn: name=shanks,cn=users,cn=lab.eng.pnq.redhat.com,cn=sysdb
ccacheFile: FILE:/tmp/krb5cc_1866400007_wPJrHJ
uidNumber: 1866400008
gidNumber: 1866400008


[root@bumblebee ~]# ls -l /tmp/krb5cc_1866400007_wPJrHJ 
-rw-------. 1 shanks shanks 604 Jun  7 07:41 /tmp/krb5cc_1866400007_wPJrHJ
[root@bumblebee ~]# 


Expected results:
We should delete ccacheFile attribute from the cache if we detect we don't need
to hold one anymore before we continue authentication.

Additional info:
sssd.conf
Created attachment 503475 [details]
sssd_domain.log

# cat /etc/sssd/sssd.conf 
[sssd]
services = nss, pam
config_file_version = 2

domains = lab.eng.pnq.redhat.com
[nss]

[pam]

[domain/lab.eng.pnq.redhat.com]
cache_credentials = True
ipa_domain = lab.eng.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, bumblebee.lab.eng.pnq.redhat.com
debug_level = 9
Comment 1 Kaushik Banerjee 2011-07-22 09:49:56 UTC 
The bug is for tracking the following issue:

The uid of a user changed, because the user was deleted and added
afterwards with a new uid. Since sssd reuses the same cached object the stored
ccache file now belongs to a different user ("Cache file
[/tmp/krb5cc_1866400007_wPJrHJ] exists, but is owned by [1866400007] instead of [1866400008]."). This is tracked upstream in ticket https://fedorahosted.org/sssd/ticket/884 .
Comment 6 Martin Kosek 2015-04-24 11:21:32 UTC 
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given a priority and was deferred both in the upstream project and in Red Hat Enterprise Linux.

Given that we are unable to fulfill this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as DEFERRED. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you.

Note that you can still track this request or even contribute patches in the referred upstream Trac ticket.