Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1017180
Description of problem: When performing an offline login with no existing credential cache (first login after boot or after a kdestroy), the SSSD does not generate a pre-expired placeholder cache. Version-Release number of selected component (if applicable): sssd-krb5-1.11.1-2.fc20.x86_64 How reproducible: Every time Steps to Reproduce: 1. kdestroy 2. sudo killall -USR1 sssd (to force offline auth) 3. su - <username> 4. klist Actual results: The login succeeds with cached credentials, but the output of klist shows no credential cache. Expected results: The login succeeds with cached credentials and the output of klist shows a credential cache that expired long ago (actually the dawn of the epoch). Additional info: The primary reason for the placeholder cache is so that applications like krb5-auth-dialog can monitor the cache and notify the user when it is updated or expired. Also, this appears to be related to the KEYRING:persistent cache only. When I switched to 'krb5_ccname_template = FILE:/tmp/krb5cc_%U_XXXXXX" and followed the above steps, the placeholder cache was properly created.
The issue is most likely will be addressed in the krb5-auth-dialog component rather than in SSSD.
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => review: True => 0 selected: => testsupdated: => 0
krb5-auth-dialog patch was pushed. Closing.
resolution: => wontfix status: new => closed
Metadata Update from @jhrozek: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3157
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.