#1269 sssd: Uses the wrong key for GSSAPI when there a multiple realms in a single keytab.
Closed: Fixed None Opened 12 years ago by sgallagh.

https://bugzilla.redhat.com/show_bug.cgi?id=805281 (Red Hat Enterprise Linux 6)

Description of problem:

When there are multiple realms in a keytab, sssd uses the first key available
to authenticate not looking at the key's realm. What sssd should do is
look for the first available key that has a valid realm to do the
authentication.

Version-Release number of selected component (if applicable):

sssd-1.8.0-11.el6

How reproducible:
On the client generate a keytab will multiple realms with
the valid realm defined last:

klist -k
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 nfs/rhel6.boston.devel.redhat.com@DEVEL.REDHAT.COM
   1 host/rhel6.boston.devel.redhat.com@BOSTON.DEVEL.REDHAT.COM

Steps to Reproduce:
1. Log into the client
2.
3.

Actual results:
Fails

Expected results:
works.

Additional info:

Fields changed

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
milestone: NEEDS_TRIAGE => SSSD 1.8.2 (LTM)
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

Fixed by:
- fcbaf4c (master)
- 1927496 (sssd-1-8)

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.2 (LTM)

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2311

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata