On 5/10/21 8:10 PM, Joakim Tjernlund wrote:
> On Mon, 2021-05-10 at 16:01 +0000, Joakim Tjernlund wrote:
> > On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote:
> > > On 5/10/21 5:12 PM, Joakim Tjernlund wrote:
> > > > On Mon, 2021-05-10 at 14:53 +0000, Joakim Tjernlund wrote:
> > > > > I decided to test new sssd/KCM and this is what I get:
> > > > >
> > > > > - ssh from non sssd/krb machine to new sssd machine, entered
password
> > > > > ~ $ klist
> > > > > Ticket cache: KCM:1001
> > > > > Default principal: jocke(a)INFINERA.COM
> > > > >
> > > > > Valid starting Expires Service principal
> > > > > 10/05/21 16:47:32 11/05/21 02:47:32
krbtgt/INFINERA.COM(a)INFINERA.COM
> > > > > renew until 17/05/21 16:47:32
> > > > > ~ $ ksu
> > > > > ksu: Ccache function not supported: not implemented while
selecting the best principal
> > > > >
> > > > > I also have mit-kr5b master installed.
> > > > >
> > > > > Did I miss something?
> > >
> > >
> > > krb5 master contains:
> > >
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub....
> > >
> > > but RETRIEVE is not implemented in sssd-kcm. Kerberos should fallback to
> > > its own function that was used before this commit.
>
> FYI, reverting that commit makes it work.
Thanks for the information. Please, open a ticket against krb5.
Easier said than done. I could not find an issue tracker for mit-krb5, is there one?
Found a bug email list I mailed but not sure it will get through(I am not joining yet
another list just to report a bug)
Jocke