URL: https://github.com/SSSD/sssd/pull/348 Title: #348: IPA: Only generate kdcinfo files on clients
lslebodn commented:
"""
I assume that this PR causes failures with master/replica tests. Fortunately, it was not backported to Fedora.

```
-------------------------
Added user "delegatuser2"
-------------------------
User login: delegatuser2
First name: first
Last name: last
Full name: first last
Display name: first last
Initials: fl
Home directory: /home/delegatuser2
GECOS: first last
Login shell: /bin/sh
Principal name: [email protected]
Principal alias: [email protected]
Email address: [email protected]
UID: 1548600023
GID: 1548600023
Password: True
Member of groups: ipausers
Kerberos keys available: True
:: [ PASS ] :: add test user account (Expected 0, got 0)
:: [ BEGIN ] :: Running 'FirstKinitAs delegatuser2 [email protected] passw0rd1'
[2823] 1504880210.893590: Destroying ccache KEYRING:persistent:0:0
Using default cache: persistent:0:0
Using principal: [email protected]
[2825] 1504880210.899344: Getting initial credentials for [email protected]
[2825] 1504880210.901391: Sending request (182 bytes) to TESTRELM.TEST
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory].
[sssd_krb5_locator] get_krb5info failed.
[sssd_krb5_locator] sssd_krb5_locator_close called
[2825] 1504880210.901538: Resolving hostname hp-dl380pgen8-02-vm-6.testrelm.test
[2825] 1504880210.901919: Initiating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.902014: Sending TCP request to stream 10.16.46.55:88
[2825] 1504880210.905017: Received answer (185 bytes) from stream 10.16.46.55:88
[2825] 1504880210.905027: Terminating TCP connection to stream 10.16.46.55:88
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory].
[sssd_krb5_locator] get_krb5info failed.
[sssd_krb5_locator] sssd_krb5_locator_close called
[2825] 1504880210.905079: Response was from master KDC
[2825] 1504880210.905099: Received error from KDC: -1765328361/Password has expired
[2825] 1504880210.905133: Principal expired; getting changepw ticket
[2825] 1504880210.905139: Getting initial credentials for [email protected]
[2825] 1504880210.905157: Setting initial creds service to kadmin/changepw
[2825] 1504880210.905177: Sending request (177 bytes) to TESTRELM.TEST (master)
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory].
[sssd_krb5_locator] get_krb5info failed.
[sssd_krb5_locator] sssd_krb5_locator_close called
[2825] 1504880210.905199: Resolving hostname hp-dl380pgen8-02-vm-6.testrelm.test
[2825] 1504880210.905288: Initiating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.905327: Sending TCP request to stream 10.16.46.55:88
[2825] 1504880210.908087: Received answer (307 bytes) from stream 10.16.46.55:88
[2825] 1504880210.908098: Terminating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.908133: Received error from KDC: -1765328359/Additional pre-authentication required
[2825] 1504880210.908157: Processing preauth types: 16, 15, 14, 136, 19, 147, 2, 133
[2825] 1504880210.908173: Selected etype info: etype aes256-cts, salt "W@hFH=1hsBH5HYPg", params ""
[2825] 1504880210.908177: Received cookie: MIT
[2825] 1504880210.908208: PKINIT client has no configured identity; giving up
[2825] 1504880210.908225: Preauth module pkinit (147) (info) returned: 0/Success
[2825] 1504880210.908233: PKINIT client has no configured identity; giving up
[2825] 1504880210.908239: Preauth module pkinit (16) (real) returned: 22/Invalid argument
[2825] 1504880210.908245: PKINIT client has no configured identity; giving up
[2825] 1504880210.908250: Preauth module pkinit (14) (real) returned: 22/Invalid argument
[2825] 1504880210.908256: PKINIT client has no configured identity; giving up
[2825] 1504880210.908261: Preauth module pkinit (14) (real) returned: 22/Invalid argument
Password for [email protected]:
[2825] 1504880210.918471: AS key obtained for encrypted timestamp: aes256-cts/F3F3
[2825] 1504880210.918562: Encrypted timestamp (for 1504880210.918347): plain 301AA011180F32303137303930383134313635305AA10502030E034B, encrypted 390D26DE04A2BC136E2DAC5F4F309840E0D42C9F62BFB821E8841F6838BC26C77B3E8B7F327A3372386281B72AD4D1A11504DAD7DF2208D2
[2825] 1504880210.918588: Preauth module encrypted_timestamp (2) (real) returned: 0/Success
[2825] 1504880210.918592: Produced preauth for next request: 133, 2
[2825] 1504880210.918611: Sending request (272 bytes) to TESTRELM.TEST (master)
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory].
[sssd_krb5_locator] get_krb5info failed.
[sssd_krb5_locator] sssd_krb5_locator_close called
[2825] 1504880210.918690: Resolving hostname hp-dl380pgen8-02-vm-6.testrelm.test
[2825] 1504880210.919006: Initiating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.919083: Sending TCP request to stream 10.16.46.55:88
[2825] 1504880210.922725: Received answer (742 bytes) from stream 10.16.46.55:88
[2825] 1504880210.922735: Terminating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.922775: Processing preauth types: 19
[2825] 1504880210.922782: Selected etype info: etype aes256-cts, salt "W@hFH=1hsBH5HYPg", params ""
[2825] 1504880210.922788: Produced preauth for next request: (empty)
[2825] 1504880210.922794: AS key determined by preauth: aes256-cts/F3F3
[2825] 1504880210.923127: Decrypted AS reply; session key is: aes256-cts/0568
[2825] 1504880210.923167: FAST negotiation: available
[2825] 1504880210.923204: Attempting password change; 3 tries remaining
Password expired. You must change it now.
Enter new password: Enter it again:
[2825] 1504880210.923272: Creating authenticator for [email protected] -> kadmin/[email protected], seqnum 0, subkey aes256-cts/D062, session key aes256-cts/0568
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory].
[sssd_krb5_locator] get_krb5info failed.
[sssd_krb5_locator] sssd_krb5_locator_close called
[2825] 1504880210.924000: Resolving hostname kvm-02-guest13.testrelm.test.
[2825] 1504880210.924432: Sending initial UDP request to dgram 2620:52:0:1040:5054:ff:fe3c:928b:464
[2825] 1504880210.955045: Received answer (248 bytes) from dgram 2620:52:0:1040:5054:ff:fe3c:928b:464
[2825] 1504880210.955180: Read AP-REP, time 1504880210.923277, subkey aes256-cts/D062, seqnum 108625971
[2825] 1504880210.955237: Getting initial TGT with changed password
[2825] 1504880210.955248: Getting initial credentials for [email protected]
[2825] 1504880210.955315: Sending request (182 bytes) to TESTRELM.TEST (master)
[sssd_krb5_locator] sssd_krb5_locator_init called
[sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory].
[sssd_krb5_locator] get_krb5info failed.
[sssd_krb5_locator] sssd_krb5_locator_close called
[2825] 1504880210.955382: Resolving hostname hp-dl380pgen8-02-vm-6.testrelm.test
[2825] 1504880210.955609: Initiating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.955678: Sending TCP request to stream 10.16.46.55:88
[2825] 1504880210.957988: Received answer (185 bytes) from stream 10.16.46.55:88
[2825] 1504880210.958004: Terminating TCP connection to stream 10.16.46.55:88
[2825] 1504880210.958061: Received error from KDC: -1765328361/Password has expired
kinit: Password has expired while getting initial credentials
klist: Credentials cache keyring 'persistent:0:0' not found
:: [ 10:16:50 ] :: ERROR: kinit as delegatuser2 with new password passw0rd1 failed.
:: [ FAIL ] :: Command 'FirstKinitAs delegatuser2 [email protected] passw0rd1' (Expected 0, got 1)
```
"""

See the full comment at https://github.com/SSSD/sssd/pull/348#issuecomment-328126857
