857054 – [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 857054 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

Summary: [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Jakub Hrozek
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-09-13 13:26 UTC by Dmitri Pal
Modified:	2020-05-02 16:58 UTC (History)
CC List:	3 users (show)
Fixed In Version:	sssd-1.10.0-1.el7.alpha1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 13:08:32 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 2554	0	None	None	None	2020-05-02 16:58:49 UTC

Description Dmitri Pal 2012-09-13 13:26:32 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1512

https://bugzilla.redhat.com/show_bug.cgi?id=853558 (''Fedora'')

{{{
Description of problem:
sudo is failing in Fedora 18 (development) with identities via LDAP and
authorization via Kerberos.

Version-Release number of selected component (if applicable):
# rpm -qa | egrep 'krb5|systemd|sssd'
systemd-libs-188-3.fc18.i686
systemd-188-3.fc18.i686
systemd-sysv-188-3.fc18.i686
sssd-1.9.0-19.fc18.beta6.i686
pam_krb5-2.3.14-3.fc18.i686
sssd-client-1.9.0-19.fc18.beta6.i686
krb5-libs-1.10.2-7.fc18.i686

How reproducible:
always

Actual results:
User POV:
sudo date
[sudo] password for my_user_name:
Sorry, try again.
[sudo] password for my_user_name:
sudo: 1 incorrect password attempt

Log POV:
==> /var/log/messages <==
Aug 31 13:39:29 test-host [sssd[krb5_child[10593]]]: Credential cache directory
/run/user/my_uid/ccdir does not exist

==> /var/log/secure <==
Aug 31 13:39:29 test-host sudo: pam_sss(sudo:auth): system info: [Credential
cache directory /run/user/my_uid/ccdir does not exist]

No AVCs reported.

See attachment.
}}}

Comment 2 Jenny Severance 2013-03-13 15:21:26 UTC

please add steps to reproduce

Comment 3 Jakub Hrozek 2013-03-18 09:23:47 UTC

I hope I remember them correctly, please feel free to ping again if they don't work:

1) Configure Kerberos provider to use DIR: cache
2) log in as a user
3) From another terminal, remove his /run/user/$UID directory (to simulate session end)
4) log in as the same user again.

With the unpatched version, the second login would fail. With the patched version, it would succeed.

Comment 4 Jakub Hrozek 2013-03-26 18:06:23 UTC

Fixed upstream.

Comment 5 Jakub Hrozek 2013-10-04 13:23:22 UTC

Temporarily moving bugs to MODIFIED to work around errata tool bug

Comment 7 Amith 2013-12-18 09:32:53 UTC

Verified the bug on SSSD Version: sssd-1.11.2-10.el7.x86_64

Steps followed during verification:

1. Configure sssd with credential cache type "krb5_ccname_template = DIR:/tmp/%U"
2. Login with a krb5 user and verify the cache:

[tr_user@rhel-7 ~]$ klist
Ticket cache: DIR::/tmp/10219/tktZ5pH3m
Default principal: tr_user

Valid starting       Expires              Service principal
12/18/2013 09:35:02  12/19/2013 09:35:02  krbtgt/EXAMPLE.COM
	renew until 12/18/2013 09:35:02

3. Delete the cache directory "/tmp/10219" to end the session.
4. Attempt second login for the same user. As expected, login succeeds.

Comment 8 Ludek Smid 2014-06-13 13:08:32 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.