[Bug 2049061] Re: adsysctl update with a domain user fails if KRB5CCNAME is not set

Wed, 26 Jun 2024 06:15:47 -0700 

** Description changed:

+ This bug is not being verified individually because of the use of the
+ SRU exception process (LP: #2059756)
+ 
+ -----
+ 
  In an environment where /etc/krb5.conf sets "default_ccache_name =
  FILE:/tmp/krb5cc_%{uid}" and you don't have the KRB5CCNAME variable set,
  running "adsysctl update" with a AD domain user will fail.
  
  If you either export the variable with the path to the kerberos ticket
  OR run the command "adsysctl update <user@domain>
  <path_to_kerberos_ticket>" it works.
  
  The adsysctl command should fallback to the default location when
  KRB5CCNAME is not defined or have a mechanism to query klist and find
  the Kerberos tickets location.
  
  Given that adsys can't find Kerberos tickets when `klist` does. It seems
  like a feature parity issue, granted, an edge case.
  
  Here is an example of a reproducer:
  
  https://pastebin.ubuntu.com/p/FjyTWQChjM/
  
  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: adsys 0.9.2~22.04.2
  ProcVersionSignature: Ubuntu 6.2.0-1014.14~22.04.1-aws 6.2.16
  Uname: Linux 6.2.0-1014-aws x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CloudArchitecture: x86_64
  CloudID: aws
  CloudName: aws
  CloudPlatform: ec2
  CloudRegion: us-west-2
  CloudSubPlatform: metadata (http://169.254.169.254)
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Jan 11 11:39:06 2024
  Ec2AMI: ami-00094f7041bb1b79d
  Ec2AMIManifest: (unknown)
  Ec2Architecture: x86_64
  Ec2AvailabilityZone: us-west-2b
  Ec2Imageid: ami-00094f7041bb1b79d
  Ec2InstanceType: t3.large
  Ec2Instancetype: t3.large
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Ec2Region: us-west-2
  ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  LANG=en_US.utf8
-  SHELL=/bin/bash
+  TERM=xterm-256color
+  PATH=(custom, no user)
+  LANG=en_US.utf8
+  SHELL=/bin/bash
  RebootRequiredPkgs: Error: path contained symlinks.
  RelatedPackageVersions:
-  sssd          2.6.3-1ubuntu3.2
-  python3-samba 2:4.15.13+dfsg-0ubuntu1.5
+  sssd          2.6.3-1ubuntu3.2
+  python3-samba 2:4.15.13+dfsg-0ubuntu1.5
  SourcePackage: adsys
  UpgradeStatus: No upgrade log present (probably fresh install)
  
modified.conffile..etc.polkit-1.localauthority.conf.d.99-adsys-privilege-enforcement.conf:
 [deleted]
  modified.conffile..etc.sudoers.d.99-adsys-privilege-enforcement: [deleted]

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2049061

Title:
  adsysctl update with a domain user fails if KRB5CCNAME is not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2049061/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to