View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017998 | CentOS-8 | sssd | public | 2021-01-07 16:05 | 2021-01-07 16:07 |
| Reporter | jcbollinger | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 8.3.2011 | ||||
| Summary | 0017998: Updating to sssd-2.4.0-3 breaks kerberos authentication for users with cached credentials | ||||
| Description | sssd-2.4.0-3 was recently rolled out in the BaseOS repository for CentOS Stream, but that package suffers from the update-path issue documented here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-075cc71cb8. The effect is that updating from an earlier sssd to that one breaks kerberos logins for users who have existing cached credentials. | ||||
| Steps To Reproduce | 1. Start with a CentOS 8.2 system, or a CentOS Stream system having sssd-2.2.3-20 2. Join the machine to a Kerberos realm, and configure the machine to authenticate users against that realm 3. Log in as a Kerberos-authenticated user, then log out. 4. Update to sssd-2.4.0-3 from the latest CentOS "baseos" repository. 5. Attempt to log in again as the same kerberos-authenticated user. | ||||
| Additional Information | As I read the commentary, it appears that this flaw is unique to the sssd-2.4.0-3 package (and its subpackages). Downgrading sssd to any earlier version, including sssd-2.4.0-2, supposedly resolves the issue in Fedora. Downgrading to sssd-2.2.3-20 resolved it for me on CentOS Stream. According to its change log, Fedora's sssd-2.4.0-4 does not suffer from the same upgrade issue. | ||||
| Tags | authentication, kerberos, update | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-01-07 16:05 | jcbollinger | New Issue | |
| 2021-01-07 16:05 | jcbollinger | Tag Attached: authentication | |
| 2021-01-07 16:07 | jcbollinger | Tag Attached: update | |
| 2021-01-07 16:07 | jcbollinger | Tag Attached: kerberos |
