Bug 805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab.
sssd: Uses the wrong key when there a multiple realms in a single keytab.
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Stephen Gallagher
: Regression
Depends On:
  Show dependency treegraph
Reported: 2012-03-20 15:34 EDT by Steve Dickson
Modified: 2013-06-03 10:20 EDT (History)
6 users (show)

See Also:
Fixed In Version: sssd-1.8.0-20.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed
Story Points: ---
Clone Of:
Last Closed: 2012-06-20 07:56:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Steve Dickson 2012-03-20 15:34:53 EDT
Description of problem:

When there are multiple realms in a keytab, sssd uses the first key available
to authenticate not looking at the key's realm. What sssd should do is
look for the first available key that has a valid realm to do the

Version-Release number of selected component (if applicable):


How reproducible:
On the client generate a keytab will multiple realms with
the valid realm defined last:

klist -k
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 nfs/rhel6.boston.devel.redhat.com@DEVEL.REDHAT.COM
   1 host/rhel6.boston.devel.redhat.com@BOSTON.DEVEL.REDHAT.COM
Steps to Reproduce:
1. Log into the client
Actual results:

Expected results:

Additional info:
Comment 1 Stephen Gallagher 2012-03-20 15:37:31 EDT
Upstream ticket:
Comment 6 Jakub Hrozek 2012-04-03 14:53:02 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    New Contents:
No documentation needed
Comment 8 Kaushik Banerjee 2012-04-13 17:22:45 EDT
Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.8.0                             Vendor: Red Hat, Inc.
Release     : 22.el6                        Build Date: Mon 09 Apr 2012 07:40:33 PM IST
Install Date: Fri 13 Apr 2012 09:34:35 PM IST      Build Host: x86-003.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.8.0-22.el6.src.rpm
Size        : 7870660                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 10 errata-xmlrpc 2012-06-20 07:56:17 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.