Bug#1012502: [Pkg-sssd-devel] Bug#1012502: Bug#1012502: Bug#1012502: sssd: authentication fails with latest sssd
On Thu, Jun 09, 2022 at 10:11:19AM +0300, you wrote:
> Timo Aaltonen wrote on 9.6.2022 at 9.51:
>> Michael Stone wrote on 8.6.2022 at 18.52:
>>> On Wed, Jun 08, 2022 at 05:41:00PM +0300, Timo Aaltonen wrote:
>>>> Did you have 2.7.0 at some point?
>>>
>>> 2.7.0-1 was installed 2022-05-27
>>> 2.7.0-1+b1 was installed 2022-05-29
>>>
>>> no issues with either of those; I reverted to 2.6.3 just because it was easier to grab from the mirrors.
>>
>> I guess it should be filed upstream then, if it's a regression in 2.7.1 which was supposed to be a bugfix release.
>
> actually, this should fix it:
>
> https://github.com/SSSD/sssd/pull/6204

this seems to be working

Bug#1012502: [Pkg-sssd-devel] Bug#1012502: Bug#1012502: Bug#1012502: sssd: authentication fails with latest sssd
Timo Aaltonen wrote on 9.6.2022 at 9.51:
> Michael Stone wrote on 8.6.2022 at 18.52:
>> On Wed, Jun 08, 2022 at 05:41:00PM +0300, Timo Aaltonen wrote:
>>> Did you have 2.7.0 at some point?
>>
>> 2.7.0-1 was installed 2022-05-27
>> 2.7.0-1+b1 was installed 2022-05-29
>>
>> no issues with either of those; I reverted to 2.6.3 just because it was easier to grab from the mirrors.
>
> I guess it should be filed upstream then, if it's a regression in 2.7.1 which was supposed to be a bugfix release.

actually, this should fix it:

https://github.com/SSSD/sssd/pull/6204

--
t

Bug#1012502: [Pkg-sssd-devel] Bug#1012502: Bug#1012502: sssd: authentication fails with latest sssd
Michael Stone wrote on 8.6.2022 at 18.52:
> On Wed, Jun 08, 2022 at 05:41:00PM +0300, Timo Aaltonen wrote:
>> Did you have 2.7.0 at some point?
>
> 2.7.0-1 was installed 2022-05-27
> 2.7.0-1+b1 was installed 2022-05-29
>
> no issues with either of those; I reverted to 2.6.3 just because it was easier to grab from the mirrors.

I guess it should be filed upstream then, if it's a regression in 2.7.1 which was supposed to be a bugfix release.

https://github.com/SSSD/sssd/issues

--
t

Bug#1012502: [Pkg-sssd-devel] Bug#1012502: sssd: authentication fails with latest sssd
On Wed, Jun 08, 2022 at 05:41:00PM +0300, Timo Aaltonen wrote:
> Did you have 2.7.0 at some point?

2.7.0-1 was installed 2022-05-27
2.7.0-1+b1 was installed 2022-05-29

no issues with either of those; I reverted to 2.6.3 just because it was easier to grab from the mirrors.

Bug#1012502: [Pkg-sssd-devel] Bug#1012502: sssd: authentication fails with latest sssd
Michael Stone wrote on 8.6.2022 at 15.44:
> Package: sssd
> Version: 2.7.1-1
> Severity: critical
> Justification: breaks the whole system
>
> Installing sssd 2.7.1-1 causes IPA/krb5 authentication to fail with messages such as the following in /var/log/sssd/sssd_DOMAIN.log
>
> (2022-06-07 18:31:36): [be[DOMAIN]] [krb5_auth_done] (0x3f7c0): [RID#10] The krb5_child process returned an error. Please inspect the krb5_child.log file or the journal for more information
> (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_send] (0x0020): [RID#14] Illegal empty authtok for user [USER@DOMAIN]
> ** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> [...]
> * (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_queue_send] (0x1000): [RID#14] Wait queue of user [USER@DOMAIN] is empty, running request [0x560b4c6ac820] immediately.
> * (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_send] (0x0020): [RID#14] Illegal empty authtok for user [USER@DOMAIN]
> ** BACKTRACE DUMP ENDS HERE *
>
> while in /var/log/sssd/krb5_child.log:
>
> (2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
> ** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> [...]
> * (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x2000): [RID#10] Found keytab entry with the realm of the credential.
> * (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0400): [RID#10] TGT verified using key for [PRINCIPAL@DOMAIN].
> * (2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
> ** BACKTRACE DUMP ENDS HERE *
> (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER@DOMAIN].
> (2022-06-07 18:31:36): [krb5_child[2481391]] [get_and_save_tgt] (0x0020): [RID#10] 2045: [1432158308][Unknown code UUz 100]
> ** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> * (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER@DOMAIN].
> * (2022-06-07 18:31:36): [krb5_child[2481391]] [get_and_save_tgt] (0x0020): [RID#10] 2045: [1432158308][Unknown code UUz 100]
> ** BACKTRACE DUMP ENDS HERE *
> (2022-06-07 18:31:36): [krb5_child[2481391]] [map_krb5_error] (0x0020): [RID#10] [1432158308][PAC check failed].
> (2022-06-08 8:06:08): [krb5_child[2498572]] [sss_extract_pac] (0x0040): [RID#93] No PAC authdata available.
> ** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> [...]
>
> Reverting to sssd 2.6.3-3 immediately reestablishes authentication.

Did you have 2.7.0 at some point?

--
t

Bug#1012502: sssd: authentication fails with latest sssd
Package: sssd
Version: 2.7.1-1
Severity: critical
Justification: breaks the whole system

Installing sssd 2.7.1-1 causes IPA/krb5 authentication to fail with messages such as the following in /var/log/sssd/sssd_DOMAIN.log

(2022-06-07 18:31:36): [be[DOMAIN]] [krb5_auth_done] (0x3f7c0): [RID#10] The krb5_child process returned an error. Please inspect the krb5_child.log file or the journal for more information
(2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_send] (0x0020): [RID#14] Illegal empty authtok for user [USER@DOMAIN]
** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
[...]
* (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_queue_send] (0x1000): [RID#14] Wait queue of user [USER@DOMAIN] is empty, running request [0x560b4c6ac820] immediately.
* (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_send] (0x0020): [RID#14] Illegal empty authtok for user [USER@DOMAIN]
** BACKTRACE DUMP ENDS HERE *

while in /var/log/sssd/krb5_child.log:

(2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
[...]
* (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x2000): [RID#10] Found keytab entry with the realm of the credential.
* (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0400): [RID#10] TGT verified using key for [PRINCIPAL@DOMAIN].
* (2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
** BACKTRACE DUMP ENDS HERE *
(2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER@DOMAIN].
(2022-06-07 18:31:36): [krb5_child[2481391]] [get_and_save_tgt] (0x0020): [RID#10] 2045: [1432158308][Unknown code UUz 100]
** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER@DOMAIN].
* (2022-06-07 18:31:36): [krb5_child[2481391]] [get_and_save_tgt] (0x0020): [RID#10] 2045: [1432158308][Unknown code UUz 100]
** BACKTRACE DUMP ENDS HERE *
(2022-06-07 18:31:36): [krb5_child[2481391]] [map_krb5_error] (0x0020): [RID#10] [1432158308][PAC check failed].
(2022-06-08 8:06:08): [krb5_child[2498572]] [sss_extract_pac] (0x0040): [RID#93] No PAC authdata available.
** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
[...]

Reverting to sssd 2.6.3-3 immediately reestablishes authentication.
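
An added triage example, not part of the thread and not SSSD code: it parses krb5_child.log lines in the format quoted in the report, de-duplicates events that a backtrace dump replays, and groups them by request ID to list requests that ended in a PAC check failure. The sample input is constructed from the quoted lines, and `pac_failures` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# SSSD debug line: (timestamp): [component] [function] (level): [RID#n] message
# Lines replayed inside a backtrace dump carry a leading "*".
LINE = re.compile(
    r"^(?P<replay>\*\s+)?\((?P<ts>[^)]+)\): \[(?P<comp>\S+)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-f]+)\): \[RID#(?P<rid>\d+)\] (?P<msg>.*)$"
)

# Constructed sample, modeled on the krb5_child.log lines quoted in the report.
SAMPLE = """\
(2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0400): [RID#10] TGT verified using key for [PRINCIPAL@DOMAIN].
* (2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
** BACKTRACE DUMP ENDS HERE *
(2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER@DOMAIN].
(2022-06-08 8:06:08): [krb5_child[2498572]] [sss_extract_pac] (0x0040): [RID#93] No PAC authdata available.
"""

def pac_failures(log_text):
    """Return one finding per request whose TGT validation ended in a PAC check failure."""
    seen = set()
    requests = defaultdict(lambda: {"tgt_verified": False, "no_pac": False,
                                    "principal": None, "events": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # backtrace banners, "[...]", blank lines
        key = (m["comp"], m["rid"])
        event = key + (m["ts"], m["func"], m["msg"])
        if event in seen:
            continue  # same event printed live and again in a backtrace replay
        seen.add(event)
        req, msg = requests[key], m["msg"]
        req["events"] += 1
        if msg.startswith("TGT verified using key"):
            req["tgt_verified"] = True  # low-level line, may appear only in the replay
        elif msg.startswith("No PAC authdata available"):
            req["no_pac"] = True
        elif msg.startswith("PAC check failed for principal"):
            req["principal"] = msg[msg.index("[") + 1:msg.rindex("]")]
    return [dict(component=c, rid=int(r), **v)
            for (c, r), v in requests.items() if v["principal"]]

if __name__ == "__main__":
    for finding in pac_failures(SAMPLE):
        print(finding)
```

A finding with `tgt_verified` and `no_pac` both true matches the pattern in the report: the ticket validated against the keytab, and the request was rejected only at the PAC check.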