Description of problem: I am signed into FEDORAPROJECT.ORG realm and one Red Hat internal realm. Red Hat internal realm seems to be confused somehow. It seems it got broken during one of my kinit. Version-Release number of selected component (if applicable): gnome-online-accounts-3.40.1-1.fc35.x86_64 How reproducible: unsure, rare Steps to Reproduce: 1. Have FEDORAPROJECT.ORG realm 2. Login into Red Hat realm too 3. Repeat multiple times step 2, for expired tokens, have long uptime of machine 4. After time goa gets broken RH realm, even though klist lists normal tickets. Actual results: Catched backtrace of one wrong requests. It sends about 3 requests per minute. In GOA panel settings it shouws expired token, but login butting results in error. (gdb) bt #0 krb5_get_error_message (ctx=0x56497ba6a8a0, code=-1765328360) at krb/kerrs.c:173 #1 0x000056497a66c306 in set_and_prefix_error_from_krb5_error_code (self=self@entry=0x7f0bfc006c80, error=error@entry=0x7f0c037fda38, code=code@entry=6, error_code=<optimized out>, format=format@entry=0x56497a6752a7 "%s") at /usr/src/debug/gnome-online-accounts-3.40.1-1.fc35.x86_64/src/goaidentity/goakerberosidentity.c:321 #2 0x000056497a673a55 in goa_kerberos_identity_sign_in (inquiry_func=0x56497a66d1c0 <on_kerberos_identity_inquiry>, destroy_notify=0x0, error=0x7f0c037fda38, cancellable=0x7f0bfd2794e0, inquiry_data=0x56497ba52510, flags=<optimized out>, preauth_source=0x0, initial_password=0x7f0c17afd638, principal_name=0x7f0c037fda50 "\030\326\001\370\v\177", self=0x7f0bfc006c80) at /usr/src/debug/gnome-online-accounts-3.40.1-1.fc35.x86_64/src/goaidentity/goakerberosidentity.c:1300 #3 goa_kerberos_identity_sign_in (inquiry_func=0x56497a66d1c0 <on_kerberos_identity_inquiry>, destroy_notify=0x0, error=0x7f0c037fda38, cancellable=0x7f0bfd2794e0, inquiry_data=0x56497ba52510, flags=<optimized out>, preauth_source=0x0, initial_password=0x7f0c17afd638, principal_name=0x7f0c037fda50 "\030\326\001\370\v\177", self=0x7f0bfc006c80) at /usr/src/debug/gnome-online-accounts-3.40.1-1.fc35.x86_64/src/goaidentity/goakerberosidentity.c:1190 #4 sign_in_identity (operation=0x56497ba52510, self=0x56497ba5ea30) at /usr/src/debug/gnome-online-accounts-3.40.1-1.fc35.x86_64/src/goaidentity/goakerberosidentitymanager.c:916 #5 goa_kerberos_identity_manager_thread_pool_func (data=0x56497ba52510, user_data=<optimized out>) at /usr/src/debug/gnome-online-accounts-3.40.1-1.fc35.x86_64/src/goaidentity/goakerberosidentitymanager.c:1051 #6 0x00007f0c17636094 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354 #7 0x00007f0c176337c2 in g_thread_proxy (data=0x7f0bfc02e640) at ../glib/gthread.c:827 #8 0x00007f0c1729f822 in start_thread (arg=<optimized out>) at pthread_create.c:443 #9 0x00007f0c1723f450 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 Expected results: It should stop repeating requests endlessly. And there should be a way to Additional info: Likely related to https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/issues/79
Agreed. I've had trouble reproducing this. Does klist -A show the tickets you expect?
Yes, the klist -A shows tickets I would expect there, also with valid expiration time. From what I have seen during the breakage, indication on RH realm did not display accurate status of the principal in control panel. RH realm showed exclamation mark, but refreshed token worked fine with brew, brewweb or errata. But login using button in account details did not work. I have fixed it by dropping RH principal and logged by kinit again. That seems to fixed that for now, so I cannot debug it. But I think I have seen it more time.
This message is a reminder that Fedora Linux 35 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '35'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 35 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
FEDORA-2022-2b91cbd30f has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-2b91cbd30f
FEDORA-2022-8e64a8ce03 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-8e64a8ce03
FEDORA-2022-8e64a8ce03 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-8e64a8ce03` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-8e64a8ce03 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-2b91cbd30f has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-2b91cbd30f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2b91cbd30f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-8e64a8ce03 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-2b91cbd30f has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.