[Pkg-sssd-devel] Bug#1012502: Bug#1012502: sssd: authentication fails with latest sssd

Timo Aaltonen tjaalton at debian.org
Wed Jun 8 15:41:00 BST 2022


Michael Stone kirjoitti 8.6.2022 klo 15.44:
> Package: sssd
> Version: 2.7.1-1
> Severity: critical
> Justification: breaks the whole system
> 
> Installing sssd 2.7.1-1 causes IPA/krb5 authentication to fail with messages
> such as the following in /var/log/sssd/sssd_DOMAIN.log
> 
> (2022-06-07 18:31:36): [be[DOMAIN]] [krb5_auth_done] (0x3f7c0): [RID#10] The krb5_child process returned an error. Please inspect the krb5_child.log file or the journal for more information
> (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_send] (0x0020): [RID#14] Illegal empty authtok for user [USER at DOMAIN]
> ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> [...]
>     *  (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_queue_send] (0x1000): [RID#14] Wait queue of user [USER at DOMAIN] is empty, running request [0x560b4c6ac820] immediately.
>     *  (2022-06-07 18:32:59): [be[DOMAIN]] [krb5_auth_send] (0x0020): [RID#14] Illegal empty authtok for user [USER at DOMAIN]
> ********************** BACKTRACE DUMP ENDS HERE *********************************
> 
> 
> while in /var/log/sssd/krb5_child.log:
> 
> (2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
> ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> [...]
>     *  (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x2000): [RID#10] Found keytab entry with the realm of the credential.
>     *  (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0400): [RID#10] TGT verified using key for [PRINCIPAL at DOMAIN].
>     *  (2022-06-07 18:31:36): [krb5_child[2481391]] [sss_extract_pac] (0x0040): [RID#10] No PAC authdata available.
> ********************** BACKTRACE DUMP ENDS HERE *********************************
> 
> (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER at DOMAIN].
> (2022-06-07 18:31:36): [krb5_child[2481391]] [get_and_save_tgt] (0x0020): [RID#10] 2045: [1432158308][Unknown code UUz 100]
> ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
>     *  (2022-06-07 18:31:36): [krb5_child[2481391]] [validate_tgt] (0x0020): [RID#10] PAC check failed for principal [USER at DOMAIN].
>     *  (2022-06-07 18:31:36): [krb5_child[2481391]] [get_and_save_tgt] (0x0020): [RID#10] 2045: [1432158308][Unknown code UUz 100]
> ********************** BACKTRACE DUMP ENDS HERE *********************************
> 
> (2022-06-07 18:31:36): [krb5_child[2481391]] [map_krb5_error] (0x0020): [RID#10] [1432158308][PAC check failed].
> (2022-06-08  8:06:08): [krb5_child[2498572]] [sss_extract_pac] (0x0040): [RID#93] No PAC authdata available.
> ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
> [...]
> 
> 
> Reverting to sssd 2.6.3-3 immediately reestablishes authentication.

Did you have 2.7.0 at some point?


-- 
t



More information about the Pkg-sssd-devel mailing list