Bug 857054 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist
[sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does ...
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
Depends On:
  Show dependency treegraph
Reported: 2012-09-13 09:26 EDT by Dmitri Pal
Modified: 2014-06-17 23:59 EDT (History)
3 users (show)

See Also:
Fixed In Version: sssd-1.10.0-1.el7.alpha1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-06-13 09:08:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2012-09-13 09:26:32 EDT
This bug is created as a clone of upstream ticket:

https://bugzilla.redhat.com/show_bug.cgi?id=853558 (''Fedora'')

Description of problem:
sudo is failing in Fedora 18 (development) with identities via LDAP and
authorization via Kerberos.

Version-Release number of selected component (if applicable):
# rpm -qa | egrep 'krb5|systemd|sssd'

How reproducible:

Actual results:
User POV:
sudo date
[sudo] password for my_user_name:
Sorry, try again.
[sudo] password for my_user_name:
sudo: 1 incorrect password attempt

Log POV:
==> /var/log/messages <==
Aug 31 13:39:29 test-host [sssd[krb5_child[10593]]]: Credential cache directory
/run/user/my_uid/ccdir does not exist

==> /var/log/secure <==
Aug 31 13:39:29 test-host sudo: pam_sss(sudo:auth): system info: [Credential
cache directory /run/user/my_uid/ccdir does not exist]

No AVCs reported.

See attachment.
Comment 2 Jenny Galipeau 2013-03-13 11:21:26 EDT
please add steps to reproduce
Comment 3 Jakub Hrozek 2013-03-18 05:23:47 EDT
I hope I remember them correctly, please feel free to ping again if they don't work:

1) Configure Kerberos provider to use DIR: cache
2) log in as a user
3) From another terminal, remove his /run/user/$UID directory (to simulate session end)
4) log in as the same user again.

With the unpatched version, the second login would fail. With the patched version, it would succeed.
Comment 4 Jakub Hrozek 2013-03-26 14:06:23 EDT
Fixed upstream.
Comment 5 Jakub Hrozek 2013-10-04 09:23:22 EDT
Temporarily moving bugs to MODIFIED to work around errata tool bug
Comment 7 Amith 2013-12-18 04:32:53 EST
Verified the bug on SSSD Version: sssd-1.11.2-10.el7.x86_64

Steps followed during verification:

1. Configure sssd with credential cache type "krb5_ccname_template = DIR:/tmp/%U"
2. Login with a krb5 user and verify the cache:

[tr_user@rhel-7 ~]$ klist
Ticket cache: DIR::/tmp/10219/tktZ5pH3m
Default principal: tr_user@EXAMPLE.COM

Valid starting       Expires              Service principal
12/18/2013 09:35:02  12/19/2013 09:35:02  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 12/18/2013 09:35:02

3. Delete the cache directory "/tmp/10219" to end the session.
4. Attempt second login for the same user. As expected, login succeeds.
Comment 8 Ludek Smid 2014-06-13 09:08:32 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.