[Pkg-sssd-devel] Bug#977375: sssd-krb5: DIR: credential cache collection creates directory with wrong mode (0600) and subsequently fails
Oliver Freyermuth
freyermuth at physik.uni-bonn.de
Tue Dec 15 19:58:03 GMT 2020
Package: sssd-krb5
Version: 1.16.3-3.2
Severity: important
Dear maintainers,
credential collections of type "DIR:dirname" fail since the directory is created by sssd-krb5 with broken permissions 0600,
as also mentioned in #977375.
This has already been reported upstream in [0] by another user, and after I bumped the problem, a patch has been posted at that URL,
which I have tested on top of sssd-1.16.3-3.2 by rebuilding the package with the patch applied,
configuring /etc/krb5.conf accordingly:

    [libdefaults]
    ...
    default_ccache_name = DIR:/tmp/krb5cc_%{uid}

purging all existing such directories and retrying. I can confirm that the patch works as expected.
The issue is now also reported to upstream's bugtracker[1]
and a PR[2] against their master branch has been made by the patch developer.
Note that the very same patch applies fine against 1.16.3 with slightly different offsets and was verified as discussed above.
-- System Information
Debian Release: 10.7
Kernel: 4.19.0-13
Architecture: amd64 (x86_64)
[0] https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/3FH5A2M64KKVTPRUCWV4LLGWEYTV7CL5/
[1] https://github.com/SSSD/sssd/issues/5436
[2] https://github.com/SSSD/sssd/pull/5437
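
Added example, not part of the original report and not the SSSD patch: a shell check that finds DIR: collection directories left behind with a mode lacking the owner search bit (such as the 0600 described above), so they can be purged before retrying. It assumes the krb5.conf setting quoted in the report (directories named krb5cc_<uid> directly under /tmp) and GNU find as shipped on Debian; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate DIR: credential cache directories that the owner
# cannot traverse. A directory with mode 0600 has no search (x) bit, so the
# cache files inside the collection cannot be created or opened.
# Assumption: default_ccache_name = DIR:/tmp/krb5cc_%{uid}, as in the report.

# list_broken_ccache_dirs [BASE]
# Print one path per line for every krb5cc_* directory directly under BASE
# (default /tmp) whose mode lacks the owner search bit (octal 0100).
list_broken_ccache_dirs() {
    base=${1:-/tmp}
    find "$base" -maxdepth 1 -type d -name 'krb5cc_*' ! -perm -0100 \
        2>/dev/null | sort
}

# report_ccache_dirs [BASE]
# Show the affected directories with their modes (ls -ld).
# Returns 0 if none were found, 1 otherwise, so it can gate a cleanup step.
report_ccache_dirs() {
    broken=$(list_broken_ccache_dirs "$1")
    if [ -z "$broken" ]; then
        echo "no ccache directory without owner search bit found"
        return 0
    fi
    echo "ccache directories missing u+x (a private directory is normally 0700):"
    printf '%s\n' "$broken" | while IFS= read -r dir; do
        ls -ld -- "$dir"
    done
    return 1
}

# Usage (run as root to see every user's directory):
#   report_ccache_dirs /tmp
```

Directories reported here predate the fix and are not repaired by installing a patched package; they have to be removed or have their mode corrected once.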