Hello Sergio, do you have conceived an opinion on this issue?
Thanks, Hajo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1988144 Title: klist not showing tgt after reboot Status in krb5 package in Ubuntu: Incomplete Bug description: Hello, iam not sure if this is a bug, but iam noticed a different behaviour of kinit/klist between Ubuntu 18.04 and 22.04 I already talked to sam hartman who is maintainer of krb5 packages at debian and he told that basically there is no difference between different version of kinit/klist and one should dig in Ubuntu environment. Let me decribe the notice: We use kinit/klist/krb5 keytab as base for sssd and ssh access controlled by AD. In Ubuntu 18.04 LTS i could do: "kinit myprincipal" and created a valid tgt. This tgt was stable and survived a reboot which can be viewed by "klist". I log in as unprivileged user, doing "sudo -i" and see: myhost: # klist Ticket cache: FILE:/tmp/krb5cc_27465975_uqBiyq File /tmp/krb5cc_27465975_uqBiyq is existent and owned by my unprivileged username and group domainusers. Ubuntu 18.04 LTS is using 1.16-2ubuntu0.2 of krb5-user. i have to say, that first login as unprivileged user is done by using ssh-keypair, so no sssd is involved. But by using "sudo -i" sssd is used and worked like expected. Now we switched to Ubuntu 22.04 LTS, Version of krb5-user is 1.19.2-2 Doing kinit myprincipal on 22.04 leads to: myhost: # klist Ticket cache: FILE:/tmp/krb5cc_0 File /tmp/krb5cc_0 is owned by root:root After reboot i can still login successful as unprivileged user make "sudo -i" and klist says: myhost: # klist klist: No credentials cache found (filename: /tmp/krb5cc_0 File /tmp/krb5cc_0 is gone (deleted from unknown), but i see a file /tmp/krb5cc_27465975_nGySkP which is owned by my unprivileged username and group is domainusers. is this expected? It seems that newer klist always wants to use the default name /tmp/krb5cc_0. It creates tgt with this name and tries to read this filename. but after reboot file is recreated with different name and default klist command fails. First login as unprivilged user was done with ssh-keypair without sssd, but "sudo -i" uses sssd agin. Whole thing only works like in 18.04 if you dont use ssh-keypairs and do all logins by hand with manually login, so sssd is forced to use in every step. What do you think? Is this a bug or wrong use? Behaviour of 18.04 was absolutely satisfying. Thanks, Hans To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1988144/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
