After the recent krb5_child changes, we copy the keytab into memory, then switch to the user logging in completely. But for trusted users, we also try to call the PAC responder and that fails, because only root is normally allowed to contact the PAC responder.
Idea: The PAC responder could spawn a private socket that only root can access. krb5_child would open this socket before dropping root and pass it on. PAC responder would perform no access checks on this socket.
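The idea above as an added C example (not SSSD code, and not part of the original ticket): a listener creates a socket file with mode 0600, the client connects while still root, drops privileges, and keeps using the descriptor it already holds. The socket path, `DEMO_ID` and both function names are assumptions made for illustration; both ends run in one process, and the refusal of a fresh `connect()` is only checked when the program starts as root.

```c
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
#define DEMO_ID 65534 /* assumption: an unprivileged uid/gid ("nobody") */

static int unix_connect(const struct sockaddr_un *sa)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && connect(fd, (const struct sockaddr *)sa, sizeof(*sa)) < 0) {
        int e = errno; close(fd); errno = e;   /* keep connect()'s errno */
        return -1;
    }
    return fd;
}
/* Returns 0 if the fd opened before the drop still carries data afterwards
 * and (when started as root) a fresh connect() gets EACCES; -1 otherwise. */
int private_socket_demo(void)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    char c = 0;
    int rc = -1, cfd = -1, afd = -1, was_root = (geteuid() == 0);
    snprintf(sa.sun_path, sizeof(sa.sun_path), "/tmp/privsock-%ld.sock", (long)getpid());
    unlink(sa.sun_path);
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);       /* responder side */
    if (lfd < 0) return -1;
    mode_t old = umask(0177);         /* socket file is created 0600: owner only */
    int b = bind(lfd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (b < 0 || listen(lfd, 4) < 0) goto out;
    if ((cfd = unix_connect(&sa)) < 0) goto out;     /* child, still privileged */
    if ((afd = accept(lfd, NULL, NULL)) < 0) goto out;
    /* Drop root. Real code must abort if any of these calls fails. */
    if (was_root && (setgroups(0, NULL) || setgid(DEMO_ID) || setuid(DEMO_ID)))
        was_root = 0;                 /* cannot drop here: skip the refusal check */
    if (write(cfd, "x", 1) != 1 || read(afd, &c, 1) != 1 || c != 'x') goto out;
    if (was_root) {                   /* a connect() made after the drop must fail */
        int fd = unix_connect(&sa);
        if (fd >= 0) { close(fd); goto out; }
        if (errno != EACCES) goto out;
    }
    rc = 0;
out:
    close(cfd); close(afd); close(lfd);  /* close(-1) just returns EBADF */
    unlink(sa.sun_path);                 /* may fail after the drop (sticky /tmp) */
    return rc;
}
```

Access control happens at `connect()` time through the file mode, which is why the listener needs no further checks on connections that arrive on this socket.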
The proper fix would be to refactor the PAC responder as outlined in the last comment of #2158. Closing.
resolution: => wontfix; status: new => closed
Sumit came up with an idea for a short-term fix that allows opening the fd before dropping root.
resolution: wontfix => ; status: closed => reopened
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.12.4; owner: somebody => jhrozek; patch: 0 => 1; status: reopened => new
resolution: => fixed; status: new => closed
rhbz: => 0
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.4
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: https://github.com/SSSD/sssd/issues/3601
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for any inconvenience.