[PATCH] sudo responder: use different callback for oob refresh
by Pavel Březina
https://fedorahosted.org/sssd/ticket/1693
The reason why sudo show different messages is that SSSD crashes
(SIGABRT from talloc) when out of band refresh is finished. For some
reason, Nikolai's test is much more likely to reveal this on rhel
systems than on fedora, however the SSSD crashes on both systems.
How to test it:
1. run Nikolai's test attached to bugzilla
2. attach gdb to sssd_sudo and hit continue
3. wait for it
Without the patch, you will receive SIGABRT from talloc. With the patch,
you'll get SIGTERM from the test.
I'd like to get this to both 1.10 and 1.9.
10 years, 10 months
[PATCH] AD: kinit with the local DC even when talking to a GC
by Jakub Hrozek
The attached patch should fix trouble we had with SRV discovery and
trusts.
We tried to use the GC address even for kinit which gave us errors like:
"Realm not local to KDC while getting initial credentials".
This patch adds a new AD_GC service that is only used for ID lookups,
any sort of Kerberos operations are done against the local servers.
10 years, 10 months
[PATCH] Revert "Implicitly activate the PAC responder for AD provider"
by Sumit Bose
Hi,
with this patch the PAC responder is not started automatically if the AD
provider is configured, because there are configurations, e.g.
ldap_id_mapping = False, which are not handled properly by the PAC
responder. When this is fixed it might be enabled again.
bye,
Sumit
10 years, 10 months
[PATCHES] Fix krb5 ticket renewal
by Sumit Bose
Hi,
David Woodhouse identified an issue with Kerberos ticket renewal.
Attached two patches fix two issues related to the authtok refactoring
which make renewal for me working again.
bye,
Sumit
10 years, 10 months
sysdb_delete_group - No such file or directory and other errors
by Steve Traylen
Hi
sssd-1.9.2-82.7.el6_4
I've a few Error messages that I'd like to understand , if you have some comments that would be great.
* sssd_CERN.log
sssd[be[CERN]]] [sysdb_search_user_by_uid] (0x0400): No such entry
sssd[be[CERN]]] [sysdb_delete_group] (0x0400): Error: 2 (No such file or directory)
* sssd_nss.log
(Mon Jun 24 06:40:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: FC3020
(Mon Jun 24 06:40:26 2013) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jun 24 06:40:26 2013) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0xc5eff0
(Mon Jun 24 06:40:26 2013) [sssd[nss]] [nss_cmd_getpwuid_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 5, (null)
Will try to return what we have in cache
(Mon Jun 24 06:40:26 2013) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x430590:1:-1@CERN]
(Mon Jun 24 06:40:26 2013) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0xd85a00][20]
* sssd_nss.log
(Mon Jun 24 09:52:18 2013) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Fast reply - offline
(Mon Jun 24 09:52:18 2013) [sssd[nss]] [nss_cmd_getpwnam_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 1, 11, Fast reply - offline
Will try to return what we have in cache
* sssd_pam.log
(Mon Jun 24 09:52:18 2013) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider
- DP error code: 1 errno: 11 error message: Offline
(Mon Jun 24 09:52:18 2013) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 1, 11, Offline
(Mon Jun 24 09:52:18 2013) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [XXXXXXX@CERN]
10 years, 10 months
[PATCHES] 1.5: Quit SSSD gracefully
by Ondrej Kos
Hi,
Attached are 3 patches, backporting the capability of SSSD to exit
gracefully when providers fail to start for SSSD 1.5
This addresses https://bugzilla.redhat.com/show_bug.cgi?id=974036
The above is not technically a bug - SSSD failed to start correctly with
misconfigured provider, but in these cases it should also quit, which
did not happen and the core process kept running. With the attached
patches SSSD fails to start as expected.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
10 years, 10 months