Confirmed the issue on jammy, and the fix, by joining a machine to a
windows AD domain, and attempting to login via ssh GSSAPIAuthentication
as a domain user. It only works if I either put the principal name in
~/.k5login, or include the sssd localauth plugin via the include files
as discussed in
> Without this passwordless login using GSSAPI via SSH is not possible
to a Ubuntu 22.04 machine.
This is not entirely true. We have tests that attempt this login and they pass
just fine. There is some other detail that is missing. I'll read up in more
detail on what the
There are two components here:
a) sssd to ship /etc/krb5.conf.d/enable_sssd_conf_dir
This was done in 2.7.0-1, and is present in ubuntu mantic and later
b) krb5.conf to includedir /etc/krb5.conf.d
This should be done in src:kerberos-configs, and is not done yet anywhere
** Also affects: sssd
** Changed in: kerberos-configs (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: kerberos-configs (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I discussed this with the team; ahasenack suggests that we should add
that include line to src:kerberos-configs, which is the package that
provides krb5.conf.
** Package changed: sssd (Ubuntu) => kerberos-configs (Ubuntu)
** Changed in: kerberos-configs (Ubuntu)
Status: New => Triaged
**
Can confirm too. It was hard to find the solution, so I hope this will
avoid people banging head on the table.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2037321
Title:
missing includedir
