[Bug 1857104] New: Using FreeIPA breaks IPv4/IPv6 flags for SSH
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1857104
Bug ID: 1857104
Summary: Using FreeIPA breaks IPv4/IPv6 flags for SSH
Product: Fedora
Version: 32
Status: NEW
Component: sssd
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: ossman(a)cendio.se
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
mzidek(a)redhat.com, pbrezina(a)redhat.com,
rharwood(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
If a client is configured using ipa-client-install then the -4 and -6 flags
stop working for ssh.
Version-Release number of selected component (if applicable):
Doesn't matter. Seen on RHEL 6 through 8, and on current Fedora.
How reproducible:
100%
Steps to Reproduce:
1. ipa-client-install
2. ssh -4 host.example.com
Actual results:
Connected via IPv6
Expected results:
Connected via IPv4
Additional info:
The bug is that sss_ssh_knownhostsproxy is configured on the client and that
command doesn't respect the flags given to ssh.
The issue affects all hosts, not just those part of the same FreeIPA domain.
A practical effect of this is that connections get rejected or misbehave
because of IP based rules in place for this connection.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
2 weeks, 1 day
[Bug 2217912] New: Missing libsss_simpleifp makes ipsilon-infosssd uninstallable
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2217912
Bug ID: 2217912
Summary: Missing libsss_simpleifp makes ipsilon-infosssd
uninstallable
Product: Fedora
Version: rawhide
OS: Linux
Status: NEW
Component: sssd
Severity: medium
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: jpazdziora(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
luk.claes(a)gmail.com, mzidek(a)redhat.com,
pbrezina(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
On Fedora rawhide, installation of ipsilon-infosssd now fails due to missing
libsss_simpleifp dependency.
Reproducible: Always
Steps to Reproduce:
1. dnf install ipsilon-infosssd
Actual Results:
Last metadata expiration check: 0:04:57 ago on Tue Jun 27 12:50:04 2023.
Error:
Problem: conflicting requests
- nothing provides libsss_simpleifp needed by
ipsilon-infosssd-3.0.4-6.fc39.noarch from rawhide
(try to add '--skip-broken' to skip uninstallable packages)
Expected Results:
No error, ipsilon-infosssd installed.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2217912
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...
3 months
[Bug 2214534] New: [abrt] sssd-common: __strcmp_avx2(): sssd_be killed by SIGSEGV
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2214534
Bug ID: 2214534
Summary: [abrt] sssd-common: __strcmp_avx2(): sssd_be killed by
SIGSEGV
Product: Fedora
Version: 38
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:a07038fd78acc47fd66b266203cafebd50509e00;VAR
IANT_ID=workstation;
Component: sssd
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: jortialc(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
luk.claes(a)gmail.com, mzidek(a)redhat.com,
pbrezina(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
This happens when doing some privilege escalation like using sudo or the
authentication required dialog in Gnome
Version-Release number of selected component:
sssd-common-2.9.0-1.fc38
Additional info:
reporter: libreport-2.17.10
type: CCpp
reason: sssd_be killed by SIGSEGV
journald_cursor:
s=025af2782fd445c2a5eb791571c74138;i=250aa;b=61468fbb4dd141e9b488d260f287c4ef;m=69ee27e2a;t=5fd9e17d98e50;x=b86133abd50e6842
executable: /usr/libexec/sssd/sssd_be
cmdline: /usr/libexec/sssd/sssd_be --domain ipa.redhat.com --uid 0 --gid
0 --logger=files
cgroup: 0::/system.slice/sssd.service
rootdir: /
uid: 0
kernel: 6.3.5-200.fc38.x86_64
package: sssd-common-2.9.0-1.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: __strcmp_avx2
comment: This happens when doing some privilege escalation like using
sudo or the authentication required dialog in Gnome
Truncated backtrace:
Thread no. 1 (21 frames)
#0 __strcmp_avx2 at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:283
#1 be_resolve_server_process at src/providers/data_provider_fo.c:691
#2 be_resolve_server_done at src/providers/data_provider_fo.c:557
#3 fo_resolve_service_server at src/providers/fail_over.c:1169
#4 _tevent_req_error at ../../tevent_req.c:221
#5 resolve_srv_done at src/providers/fail_over.c:1480
#6 fo_discover_srv_done at src/providers/fail_over_srv.c:141
#7 resolv_getsrv_done at src/resolv/async_resolv.c:1877
#8 qcallback at
/usr/src/debug/c-ares-1.19.1-1.fc38.x86_64/src/lib/ares_query.c:143
#9 end_query at
/usr/src/debug/c-ares-1.19.1-1.fc38.x86_64/src/lib/ares_process.c:1525
#10 process_answer at
/usr/src/debug/c-ares-1.19.1-1.fc38.x86_64/src/lib/ares_process.c:598
#11 read_udp_packets at
/usr/src/debug/c-ares-1.19.1-1.fc38.x86_64/src/lib/ares_process.c:548
#12 processfds at
/usr/src/debug/c-ares-1.19.1-1.fc38.x86_64/src/lib/ares_process.c:126
#13 tevent_common_invoke_fd_handler at ../../tevent_fd.c:142
#14 epoll_event_loop at ../../tevent_epoll.c:737
#15 epoll_event_loop_once at ../../tevent_epoll.c:938
#16 std_event_loop_once at ../../tevent_standard.c:110
#17 _tevent_loop_once at ../../tevent.c:823
#18 tevent_common_loop_wait at ../../tevent.c:949
#19 std_event_loop_wait at ../../tevent_standard.c:141
#20 server_loop at src/util/server.c:787
Potential duplicate: bug 1773488
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2214534
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...
3 months, 2 weeks
[Bug 2212343] New: kinit: Connection refused while getting default ccache (broken sssd)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2212343
Bug ID: 2212343
Summary: kinit: Connection refused while getting default ccache
(broken sssd)
Product: Fedora
Version: 38
Hardware: x86_64
OS: Linux
Status: NEW
Component: sssd
Severity: medium
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: thofman(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
luk.claes(a)gmail.com, mzidek(a)redhat.com,
pbrezina(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Hello, on freshly installed system, after installing krb5-workstation and
configuring /etc/krb5.conf, I'm unable to use `kinit` command:
```
$ kinit thofman(a)REDHAT.COM
kinit: Connection refused while getting default ccache
```
Complete output of `KRB5_TRACE=/dev/stderr strace -f klist` is attached bellow.
Notably, strace shows lines like:
```
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/.heim_org.h5l.kcm-socket"},
110) = -1 ECONNREFUSED (Connection refused)
```
Not sure if this is related, but sssd is installed (was in base installation?)
but does not start:
```
$ systemctl status sssd
○ sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset:
ena>
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: inactive (dead)
Condition: start condition failed at Mon 2023-06-05 10:03:58 CEST; 43min ago
├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
└─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
Jun 05 10:03:58 fedora systemd[1]: sssd.service - System Security Services
Daem>
```
When I modify /etc/krb5.conf.d/kcm_default_ccache and comment out the line
"default_ccache_name = KCM:", kinit starts to work.
Reproducible: Always
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2212343
3 months, 3 weeks