diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2014-12-17 09:10:33 +0100 |
|---|---|---|
| committer | Sumit Bose <sbose@redhat.com> | 2014-12-17 12:06:52 +0100 |
| commit | a183e279f754afdd571d8b084c7a36b71d5c1701 (patch) | |
| tree | 7060ae06b623188bf68e56a77ab37e3a129a0c0e /src/tests/sysdb-tests.c | |
| parent | 01fa6711add8c52aa1a8474cf34af67d1e555c91 (diff) | |
| download | sssd-a183e279f754afdd571d8b084c7a36b71d5c1701.tar.gz sssd-a183e279f754afdd571d8b084c7a36b71d5c1701.tar.xz sssd-a183e279f754afdd571d8b084c7a36b71d5c1701.zip | |
krb5_child: Initialize REALM earlier
Environment variable SSSD_KRB5_REALM was used to late for initialisation
realm. and therefore default value NULL was used.
The SSSD_KRB5_REALM (kr->realm) was used as fast_principal_realm for checking
fast cache: privileged_krb5_setup -> k5c_setup_fast -> check_fast_ccache
And therefore wrong principal was used when the option krb5_fast_principal is
empty.
[find_principal_in_keytab] (0x4000): Trying to find principal (null)@(null) in keytab.
[match_principal] (0x1000): Principal matched to the sample ((null)@(null)).
[get_tgt_times] (0x1000): FAST ccache must be recreated
[get_tgt_times] (0x0020): krb5_cc_retrieve_cred failed
[get_tgt_times] (0x0020): 1688: [-1765328243][Matching credential not found]
[check_fast_ccache] (0x0040): Valid FAST TGT not found after attempting to renew it
[k5c_setup_fast] (0x0020): check_fast_ccache failed.
[k5c_setup_fast] (0x0020): 1956: [1432158213][Unknown code UUz 5]
[privileged_krb5_setup] (0x0040): Cannot set up FAST
[main] (0x0020): privileged_krb5_setup failed.
[main] (0x0020): krb5_child failed!
As a result of this user was not able to authenticate.
Resolves:
https://fedorahosted.org/sssd/ticket/2526
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/tests/sysdb-tests.c')
0 files changed, 0 insertions, 0 deletions