688491 – authconfig fails when access_provider is set as krb5 in sssd.conf.

Bug 688491 - authconfig fails when access_provider is set as krb5 in sssd.conf.

Summary: authconfig fails when access_provider is set as krb5 in sssd.conf.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	688694
TreeView+	depends on / blocked

Reported:	2011-03-17 08:54 UTC by Gowrishankar Rajaiyan
Modified:	2015-01-04 23:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:	sssd-1.5.1-15.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	688694 (view as bug list)
Environment:
Last Closed:	2011-05-19 11:39:08 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0560	0	normal	SHIPPED_LIVE	Low: sssd security, bug fix, and enhancement update	2011-05-19 11:38:17 UTC

Description Gowrishankar Rajaiyan 2011-03-17 08:54:00 UTC

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-14.el6.x86_64
authconfig-6.1.12-4.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure SSSD with "access_provider = krb5". See Additional info for the relevant sssd.conf section.
2. authconfig --enablesssd --enablesssdauth --updateall
3.
  
Actual results:
Traceback (most recent call last):
  File "/usr/sbin/authconfig", line 894, in <module>
    sys.exit(module.run())
  File "/usr/sbin/authconfig", line 475, in run
    self.readAuthInfo()
  File "/usr/sbin/authconfig", line 327, in readAuthInfo
    self.info = authinfo.read(self.printError)
  File "/usr/share/authconfig/authinfo.py", line 916, in read
    info.read()
  File "/usr/share/authconfig/authinfo.py", line 2185, in read
    self.readSSSD(ref)
  File "/usr/share/authconfig/authinfo.py", line 1613, in readSSSD
    domain = self.sssdDomain = self.sssdConfig.get_domain(SSSD_AUTHCONFIG_DOMAIN)
  File "/usr/lib/python2.6/site-packages/SSSDConfig.py", line 1523, in get_domain
    domain.set_option(option, value)
  File "/usr/lib/python2.6/site-packages/SSSDConfig.py", line 1009, in set_option
    self.add_provider(value, provider)
  File "/usr/lib/python2.6/site-packages/SSSDConfig.py", line 1062, in add_provider
    raise NoSuchProviderSubtypeError(provider_type)
SSSDConfig.NoSuchProviderSubtypeError: access

Expected results:
Should update all the related files and start SSSD.

Additional info:
[domain/default]
id_provider = ldap
ldap_uri = ldaps://sssdldap.redhat.com:636
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc
cache_credentials = true
enumerate = false
debug_level = 9
krb5_realm = EXAMPLE.COM
auth_provider = krb5
access_provider = krb5
krb5_kdcip = sssdldap.redhat.com:88
krb5_ccachedir = /tmp/krb5_cache
krb5_ccname_template = FILE:%d/krb5cc_%u

Comment 4 Gowrishankar Rajaiyan 2011-03-24 06:53:21 UTC

1. Configured SSSD as:
[domain/LDAP-KRB5]
id_provider = ldap
ldap_uri = ldaps://sssdldap.redhat.com:636
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc
cache_credentials = true
enumerate = false
debug_level = 9
krb5_realm = EXAMPLE.COM
auth_provider = krb5
access_provider = krb5
krb5_kdcip = sssdldap.redhat.com:88
krb5_ccachedir = /tmp/krb5_cache
krb5_ccname_template = FILE:%d/krb5cc_%u

2. # authconfig --enablesssd --enablesssdauth --updateall
Starting sssd:                                             [  OK  ]

3. # authconfig --disablesssd --disablesssdauth --updateall
Stopping sssd:                                             [  OK  ]

Verified.
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 17.el6                        Build Date: Wed 23 Mar 2011 08:38:49 PM IST
Install Date: Thu 24 Mar 2011 12:16:17 PM IST      Build Host: x86-002.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-17.el6.src.rpm
Size        : 3459179                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 5 errata-xmlrpc 2011-05-19 11:39:08 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html

Comment 6 errata-xmlrpc 2011-05-19 13:10:07 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html

Note You need to log in before you can comment on or make changes to this bug.