On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote: > On 5/10/21 5:12 PM, Joakim Tjernlund wrote: > > On Mon, 2021-05-10 at 14:53 +0000, Joakim Tjernlund wrote: > > > I decided to test new sssd/KCM and this is what I get: > > > > > > - ssh from non sssd/krb machine to new sssd machine, entered password > > > ~ $ klist > > > Ticket cache: KCM:1001 > > > Default principal: [email protected] > > > > > > Valid starting Expires Service principal > > > 10/05/21 16:47:32 11/05/21 02:47:32 krbtgt/[email protected] > > > renew until 17/05/21 16:47:32 > > > ~ $ ksu > > > ksu: Ccache function not supported: not implemented while selecting the > > > best principal > > > > > > I also have mit-kr5b master installed. > > > > > > Did I miss something? > > > krb5 master contains: > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkrb5%2Fkrb5%2Fcommit%2F795ebba8c039be172ab93cd41105c73ffdba0fdb&data=04%7C01%7Cjoakim.tjernlund%40infinera.com%7C6711baf1f6ab4e4cfb8f08d913cb27bf%7C285643de5f5b4b03a1530ae2dc8aaf77%7C1%7C0%7C637562585534486850%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=e0rLEUFUeX0hgdo7BlVWvc5%2F%2FqV6dNF25FtZEo4E1n4%3D&reserved=0 > > but RETRIEVE is not implemented in sssd-kcm. Kerberos should fallback to > its own function that was used before this commit.
hmm, not sure what to do here, downgrade mit-krb5? Then I don't get the new KCM feature. The trace didn't help any? Here is a ssh trace in case that helps: KRB5_TRACE=/dev/stdout ssh devsrv [7615] 1620662408.437070: ccselect module realm chose cache KCM:1001 with client principal [email protected] for server principal host/[email protected] [7615] 1620662408.437071: Getting credentials [email protected] -> host/[email protected] using ccache KCM:1001 [7615] 1620662408.437072: Retrieving [email protected] -> krb5_ccache_conf_data/start_realm@X-CACHECONF: from KCM:1001 with result: -1765328137/Ccache function not supported: not implemented [7615] 1620662408.437073: Retrieving [email protected] -> host/[email protected] from KCM:1001 with result: -1765328137/Ccache function not supported: not implemented [7615] 1620662408.437079: ccselect module realm chose cache KCM:1001 with client principal [email protected] for server principal host/[email protected] [7615] 1620662408.437080: Getting credentials [email protected] -> host/[email protected] using ccache KCM:1001 [7615] 1620662408.437081: Retrieving [email protected] -> krb5_ccache_conf_data/start_realm@X-CACHECONF: from KCM:1001 with result: -1765328137/Ccache function not supported: not implemented [7615] 1620662408.437082: Retrieving [email protected] -> host/[email protected] from KCM:1001 with result: -1765328137/Ccache function not supported: not implemented (jocke@devsrv) Password: Jocke _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
