Learn more about these different git repos.
Other Git URLs
There is a logic bug in the LDAP GSSAPI auth code. When the child times out[1], the sdap_kinit_ tevent request does not retry another KDC.
Also, when the request result is retrieved with sdap_kinit_recv, the LDAP server is marked as down, which is wrong, the kinit request only talks to KDC and its result shouldn't change the status of the LDAP server.
[1] Child timeout is the only really probable way the child tevent request can end with an error. The other reasons include OOM situations, child fork/exec failing. If the child operation itself fails (i.e. the keytab is wrong), the request ends with EOK and extended error information is returned in a separate variable.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=817073 (Red Hat Enterprise Linux 5)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=817073 817073]
Fields changed
owner: somebody => jhrozek status: new => assigned
patch: 0 => 1
Fixed by: - 163a17f (master) - b13da92 (sssd-1-8)
component: SSSD => LDAP Provider milestone: NEEDS_TRIAGE => SSSD 1.8.4 (LTM) resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.8.4 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2366
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.