On Tue, 2021-05-11 at 11:09 +0200, Joakim Tjernlund wrote:
> On Tue, 2021-05-11 at 10:25 +0200, Pavel Březina wrote:
> > On 5/10/21 8:10 PM, Joakim Tjernlund wrote:
> > > On Mon, 2021-05-10 at 16:01 +0000, Joakim Tjernlund wrote:
> > > > On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote:
> > > > > On 5/10/21 5:12 PM, Joakim Tjernlund wrote:
> > > > > > On Mon, 2021-05-10 at 14:53 +0000, Joakim Tjernlund wrote:
> > > > > > > I decided to test new sssd/KCM and this is what I get:
> > > > > > >
> > > > > > > - ssh from non sssd/krb machine to new sssd machine,
entered password
> > > > > > > ~ $ klist
> > > > > > > Ticket cache: KCM:1001
> > > > > > > Default principal: jocke(a)INFINERA.COM
> > > > > > >
> > > > > > > Valid starting Expires Service
principal
> > > > > > > 10/05/21 16:47:32 11/05/21 02:47:32
krbtgt/INFINERA.COM(a)INFINERA.COM
> > > > > > > renew until 17/05/21 16:47:32
> > > > > > > ~ $ ksu
> > > > > > > ksu: Ccache function not supported: not implemented
while selecting the best principal
> > > > > > >
> > > > > > > I also have mit-kr5b master installed.
> > > > > > >
> > > > > > > Did I miss something?
> > > > >
> > > > >
> > > > > krb5 master contains:
> > > > >
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub....
> > > > >
> > > > > but RETRIEVE is not implemented in sssd-kcm. Kerberos should
fallback to
> > > > > its own function that was used before this commit.
> > >
> > > FYI, reverting that commit makes it work.
> >
> > Thanks for the information. Please, open a ticket against krb5.
>
> Easier said than done. I could not find an issue tracker for mit-krb5, is there one?
> Found a bug email list I mailed but not sure it will get through(I am not joining yet
another list just to report a bug)
>
> Jocke
Managed to add a comment here:
https://github.com/krb5/krb5/pull/1178