Bug 857054 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist
Summary: [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does ...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Depends On:
TreeView+ depends on / blocked
Reported: 2012-09-13 13:26 UTC by Dmitri Pal
Modified: 2020-05-02 16:58 UTC (History)
3 users (show)

Fixed In Version: sssd-1.10.0-1.el7.alpha1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-06-13 13:08:32 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2554 None None None 2020-05-02 16:58:49 UTC

Description Dmitri Pal 2012-09-13 13:26:32 UTC
This bug is created as a clone of upstream ticket:

https://bugzilla.redhat.com/show_bug.cgi?id=853558 (''Fedora'')

Description of problem:
sudo is failing in Fedora 18 (development) with identities via LDAP and
authorization via Kerberos.

Version-Release number of selected component (if applicable):
# rpm -qa | egrep 'krb5|systemd|sssd'

How reproducible:

Actual results:
User POV:
sudo date
[sudo] password for my_user_name:
Sorry, try again.
[sudo] password for my_user_name:
sudo: 1 incorrect password attempt

Log POV:
==> /var/log/messages <==
Aug 31 13:39:29 test-host [sssd[krb5_child[10593]]]: Credential cache directory
/run/user/my_uid/ccdir does not exist

==> /var/log/secure <==
Aug 31 13:39:29 test-host sudo: pam_sss(sudo:auth): system info: [Credential
cache directory /run/user/my_uid/ccdir does not exist]

No AVCs reported.

See attachment.

Comment 2 Jenny Severance 2013-03-13 15:21:26 UTC
please add steps to reproduce

Comment 3 Jakub Hrozek 2013-03-18 09:23:47 UTC
I hope I remember them correctly, please feel free to ping again if they don't work:

1) Configure Kerberos provider to use DIR: cache
2) log in as a user
3) From another terminal, remove his /run/user/$UID directory (to simulate session end)
4) log in as the same user again.

With the unpatched version, the second login would fail. With the patched version, it would succeed.

Comment 4 Jakub Hrozek 2013-03-26 18:06:23 UTC
Fixed upstream.

Comment 5 Jakub Hrozek 2013-10-04 13:23:22 UTC
Temporarily moving bugs to MODIFIED to work around errata tool bug

Comment 7 Amith 2013-12-18 09:32:53 UTC
Verified the bug on SSSD Version: sssd-1.11.2-10.el7.x86_64

Steps followed during verification:

1. Configure sssd with credential cache type "krb5_ccname_template = DIR:/tmp/%U"
2. Login with a krb5 user and verify the cache:

[tr_user@rhel-7 ~]$ klist
Ticket cache: DIR::/tmp/10219/tktZ5pH3m
Default principal: tr_user@EXAMPLE.COM

Valid starting       Expires              Service principal
12/18/2013 09:35:02  12/19/2013 09:35:02  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 12/18/2013 09:35:02

3. Delete the cache directory "/tmp/10219" to end the session.
4. Attempt second login for the same user. As expected, login succeeds.

Comment 8 Ludek Smid 2014-06-13 13:08:32 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.