Bug 1017292 - krb5-auth-dialog --auto should not exit if the environment contains KRB5CCNAME
Summary: krb5-auth-dialog --auto should not exit if the environment contains KRB5CCNAME
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5-auth-dialog
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Itamar Reis Peixoto
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1017180 1146827
TreeView+ depends on / blocked
 
Reported: 2013-10-09 15:09 UTC by Stephen Gallagher
Modified: 2014-09-26 07:45 UTC (History)
3 users (show)

Fixed In Version: krb5-auth-dialog-3.2.1-7.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1146827 (view as bug list)
Environment:
Last Closed: 2013-11-10 07:28:43 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Patch to consider KRB5CCNAMe too (923 bytes, patch)
2013-10-09 15:17 UTC, Simo Sorce 		no flags Details | Diff
View All

Description Stephen Gallagher 2013-10-09 15:09:44 UTC 
Description of problem:
When installed on Fedora, krb5-auth-dialog will run with the --auto command on every graphical desktop session (tested with GNOME 3, but should be true of at least MATE and Cinnamon as well). The --auto command causes krb5-auth-dialog to exit if there is no credential cache available.

However, there are circumstances (such as when using KEYRING:persistent caches) where the KRB5CCNAME variable may be set, but the cache contents are not yet stored (such as SSSD with offline authentication). krb5-auth-dialog should check whether the KRB5CCNAME variable has been set in the environment and not exit if it is.

Version-Release number of selected component (if applicable):
krb5-auth-dialog-3.2.1-6.fc20.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Configure SSSD with KEYRING:persistent:%{uid} caches
2. Log in to a graphical session while unable to reach the KDC
3.

Actual results:
krb5-auth-dialog is not running when the desktop comes up.

Expected results:
krb5-auth-dialog should be running and inform the user that their credential cache is expired.

Additional info:
Comment 1 Simo Sorce 2013-10-09 15:17:36 UTC 
Created attachment 809995 [details]
Patch to consider KRB5CCNAMe too

I tested a build with this patch and does what we need.
Please consider using it and sneding it upstream too.
Comment 2 Jakub Hrozek 2013-10-17 10:01:11 UTC 
Hi, any news on reviewing the patch? I'd like to get Simo's patch accepted to avoid having to do any workarounds in the SSSD..
Comment 3 Fedora Update System 2013-11-07 13:00:09 UTC 
krb5-auth-dialog-3.2.1-7.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/krb5-auth-dialog-3.2.1-7.fc20
Comment 4 Fedora Update System 2013-11-07 19:05:41 UTC 
Package krb5-auth-dialog-3.2.1-7.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing krb5-auth-dialog-3.2.1-7.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-20849/krb5-auth-dialog-3.2.1-7.fc20
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2013-11-10 07:28:43 UTC 
krb5-auth-dialog-3.2.1-7.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2014-04-15 07:17:06 UTC 
krb5-auth-dialog-3.2.1-7.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/krb5-auth-dialog-3.2.1-7.fc19
Comment 7 Fedora Update System 2014-04-24 07:38:13 UTC 
krb5-auth-dialog-3.2.1-7.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.