On Mon, Feb 13, 2017 at 01:01:54PM -0500, Michael Smith wrote: > On Mon, Feb 13, 2017 at 4:05 AM, Jakub Hrozek <[email protected]> wrote: > > > On Fri, Feb 10, 2017 at 02:23:24PM -0500, Michael Smith wrote: > > > > > But when I enter my password with sudo, I can see in krb5_child.log that > > > it's cycling through all the DCs twice, first for UDP and then for TCP. > > So > > > it's ignoring the locator information and the udp_preference_limit as > > well. > > > > > > I'm on Ubuntu 16.04 LTS, with sssd 1.13.4 and libkrb5-3 1.13.2. > > > > > > /var/lib/sss/pubconf/kdcinfo.MYDOMAIN is pointing to the correct IP. > > > In /var/lib/sss/pubconf/krb5.include.d/localauth_plugin I see: > > > > > > [plugins] > > > localauth = { > > > module = > > > sssd:/usr/lib/x86_64-linux-gnu/sssd/modules/sssd_krb5_ > > localauth_plugin.so > > > enable_only = sssd > > > } > > > > > > > Could you test the same with KRB5_TRACE=/dev/stderr kinit and also perhaps > > with strace kinit to see if the locator file is opened at all and there > > are e.g. no permission errors while SSSD is opening the kdcinfo file? > > > Thanks for the tip - I can see in strace that Kerberos is looking for > plugins in /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5: > > open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5", > O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or > directory) > > But sssd_krb5_locator_plugin.so is in > /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5 (last component is krb5 instead > of libkrb5). > > If I copy the krb5 directory to libkrb5, strace shows the plugin is loaded, > the kdcinfo file is read, and kinit is talking to my local DC first. > > Would I be correct in thinking this is an Ubuntu packaging issue?
Perhaps, but I'm not a Ubuntu developer, so I'm not sure I can comment more. I'll just note that there is a configure time option called "--with-pubconf-path=PATH" in SSSD that allows to tweak where the files are stored. I'd recommend to open a bug at Launchpad for Ubuntu.. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
