Your message dated Tue, 13 Mar 2018 10:19:36 +0000
with message-id <>
and subject line Bug#892315: fixed in sssd 1.16.1-1
has caused the Debian Bug report #892315,
regarding sssd: secrets service does not work due to lack of 
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Package: sssd
Version: 1.16.0-5
Severity: normal

Dear Maintainer,

The (socket activated) secrets service doesn't work because it can't
create a secrets database due to the lack of the /var/lib/sss/secrets

Right after installation, if you try to access it like this for example:

$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/
<title>500 Internal Server Error</title></head>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error.</p>

/var/log/syslog log shows:
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: ltdb: 
tdb(/var/lib/sss/secrets/secrets.ldb): tdb_open_ex: could not open file 
/var/lib/sss/secrets/secrets.ldb: No such file or directory
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: Unable to open tdb 
'/var/lib/sss/secrets/secrets.ldb': No such file or directory
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: Failed to connect to 
'/var/lib/sss/secrets/secrets.ldb' with backend 'tdb': Unable to open tdb 
'/var/lib/sss/secrets/secrets.ldb': No such file or directory

Once that directory is created, the service works:

# mkdir -m 0700 /var/lib/sss/secrets

$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/
<title>404 Not Found</title></head>
<h1>Not Found</h1>
<p>The requested resource was not found.</p>

And you can create secrets:
$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XPUT http://localhost/secrets/foo 
<title>200 OK</title></head>

root@sid-sssd:~# ls -lah /var/lib/sss/secrets/
total 5.5K
drwx------ 2 root root    4 Mar  8 08:02 .
drwxr-xr-x 9 root root    9 Mar  8 08:02 ..
-rw------- 1 root root   32 Mar  8 08:02 .secrets.mkey
-rw------- 1 root root 1.3M Mar  8 08:03 secrets.ldb

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-36-generic (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sssd depends on:
ii  python3-sss  1.16.0-5
ii  sssd-ad      1.16.0-5
ii  sssd-common  1.16.0-5
ii  sssd-ipa     1.16.0-5
ii  sssd-krb5    1.16.0-5
ii  sssd-ldap    1.16.0-5
ii  sssd-proxy   1.16.0-5

sssd recommends no packages.

sssd suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 1.16.1-1

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Timo Aaltonen <> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA256

Format: 1.8
Date: Tue, 13 Mar 2018 11:25:00 +0200
Source: sssd
Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm 
sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss 
libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev 
libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev 
libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd 
libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss 
python3-libipa-hbac python3-libsss-nss-idmap python3-sss
Architecture: source
Version: 1.16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <>
Changed-By: Timo Aaltonen <>
 libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
 libipa-hbac0 - FreeIPA HBAC Evaluator library
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 libsss-certmap-dev - Certificate mapping library for SSSD -- development files
 libsss-certmap0 - Certificate mapping library for SSSD
 libsss-idmap-dev - ID mapping library for SSSD -- development files
 libsss-idmap0 - ID mapping library for SSSD
 libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files
 libsss-nss-idmap0 - SID based lookups library for SSSD
 libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files
 libsss-simpleifp0 - SSSD D-Bus responder helper library
 libsss-sudo - Communicator library for sudo
 libwbclient-sssd - SSSD libwbclient implementation
 libwbclient-sssd-dev - SSSD libwbclient implementation -- development files
 python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
 python-libsss-nss-idmap - Python bindings for the SID lookups library
 python-sss - Python module for the System Security Services Daemon
 python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
 python3-libsss-nss-idmap - Python3 bindings for the SID lookups library
 python3-sss - Python3 module for the System Security Services Daemon
 sssd       - System Security Services Daemon -- metapackage
 sssd-ad    - System Security Services Daemon -- Active Directory back end
 sssd-ad-common - System Security Services Daemon -- PAC responder
 sssd-common - System Security Services Daemon -- common files
 sssd-dbus  - System Security Services Daemon -- D-Bus responder
 sssd-ipa   - System Security Services Daemon -- IPA back end
 sssd-kcm   - System Security Services Daemon -- Kerberos KCM server implementa
 sssd-krb5  - System Security Services Daemon -- Kerberos back end
 sssd-krb5-common - System Security Services Daemon -- Kerberos helpers
 sssd-ldap  - System Security Services Daemon -- LDAP back end
 sssd-proxy - System Security Services Daemon -- proxy back end
 sssd-tools - System Security Services Daemon -- tools
Closes: 892315
 sssd (1.16.1-1) unstable; urgency=medium
   * New upstream release.
   * common.dirs, common.postinst: Add dir for secrets with correct
     permissions. (Closes: #892315)
   * common: Add support for Fleet Commander, create deskprofile dir with
     correct permissions.
   * control: Add libgdm-dev to build-depends to support multiple
   * control, rules, common.install: Add support for systemtap.
   * control: Bump policy to 4.1.3, no changes.
 5ec1a1a2916270987a57e0eeea989c15d25aa3d9 4636 sssd_1.16.1-1.dsc
 a840f0244b580f79e4c332f97d2722c2269b1f8d 5992778 sssd_1.16.1.orig.tar.gz
 b64cd16916b52fa4228334d285dc3e131f79f530 95350 sssd_1.16.1-1.diff.gz
 d59242f1a0fe2522e60cb77c5b34a62cdd989d12d5efd2e4c0f0c123c062a517 4636 
 2dbf677851afdefcdf57eccaf25d59eb682a2994ad2a2dbf419003930a0b506e 5992778 
 128cf92b82cfe21ffde19e5dffed19982ef93b41ba3c2e1e5a78db467106ef7b 95350 
 1d46c92ba1c0c112b88a5288c29f9ab3 4636 utils extra sssd_1.16.1-1.dsc
 b4df37eace2b62a604214a40855d2574 5992778 utils extra sssd_1.16.1.orig.tar.gz
 4f3db10deb4e5e15b79e6bb42e34a07e 95350 utils extra sssd_1.16.1-1.diff.gz

Version: GnuPG v1


--- End Message ---

Reply via email to