Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=805281 (Red Hat Enterprise Linux 6)
Description of problem: When there are multiple realms in a keytab, sssd uses the first key available to authenticate not looking at the key's realm. What sssd should do is look for the first available key that has a valid realm to do the authentication. Version-Release number of selected component (if applicable): sssd-1.8.0-11.el6 How reproducible: On the client generate a keytab will multiple realms with the valid realm defined last: klist -k Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 nfs/rhel6.boston.devel.redhat.com@DEVEL.REDHAT.COM 1 host/rhel6.boston.devel.redhat.com@BOSTON.DEVEL.REDHAT.COM Steps to Reproduce: 1. Log into the client 2. 3. Actual results: Fails Expected results: works. Additional info:
Fields changed
blockedby: => blocking: => coverity: => feature_milestone: => milestone: NEEDS_TRIAGE => SSSD 1.8.2 (LTM) tests: => 0 testsupdated: => 0 upgrade: => 0
owner: somebody => jhrozek patch: 0 => 1 status: new => assigned
Fixed by: - fcbaf4c (master) - 1927496 (sssd-1-8)
resolution: => fixed status: assigned => closed
Metadata Update from @sgallagh: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.8.2 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2311
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.