On Mon, 2021-05-10 at 16:01 +0000, Joakim Tjernlund wrote:
> On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote:
>> On 5/10/21 5:12 PM, Joakim Tjernlund wrote:
>>> On Mon, 2021-05-10 at 14:53 +0000, Joakim Tjernlund wrote:
>>>> I decided to test new sssd/KCM and this is what I get:
>>>>
>>>> - ssh from non sssd/krb machine to new sssd machine, entered password
>>>> ~ $ klist
>>>> Ticket cache: KCM:1001
>>>> Default principal: jocke(a)INFINERA.COM
>>>>
>>>> Valid starting Expires Service principal
>>>> 10/05/21 16:47:32 11/05/21 02:47:32 krbtgt/INFINERA.COM(a)INFINERA.COM
>>>> renew until 17/05/21 16:47:32
>>>> ~ $ ksu
>>>> ksu: Ccache function not supported: not implemented while selecting the
best principal
>>>>
>>>> I also have mit-kr5b master installed.
>>>>
>>>> Did I miss something?
>>
>>
>> krb5 master contains:
>>
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub....
>>
>> but RETRIEVE is not implemented in sssd-kcm. Kerberos should fallback to
>> its own function that was used before this commit.
FYI, reverting that commit makes it work.
Thanks for the information. Please, open a ticket against krb5.