This bug was fixed in the package sssd - 2.6.3-1ubuntu3.5
---
sssd (2.6.3-1ubuntu3.5) jammy; urgency=medium
* Fix a regression in pam_sss_gss where if KRB5CCNAME was
not set, authentication would fail. (LP: #2103623)
- d/p/lp2103623-pam_sss_gss-KRB5CCNAME-may-be-NULL.patch
Thanks for the detailed verification!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Title:
pam_sss_gss fails to work when KRB5CCNAME is not set
To manage notifications about this bug go to:
Performing verification for Jammy.
I set up a Samba Active Directory KDC on a Focal Server by:
You will need a 20.04 server instance, and a 20.04 Desktop instance.
1) Create a fresh 20.04 server instance
2) sudo apt update
3) sudo apt upgrade
4) sudo hostnamectl set-hostname samba-dc
5) sudo vim
ppa packages tested and now fixed! thanks for the fast turnaround!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Title:
pam_sss_gss fails to work when KRB5CCNAME is not set
To manage notifi
Attached is a debdiff for jammy which solves this issue.
** Patch added: "Debdiff for sssd on jammy"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2103623/+attachment/5866130/+files/lp2103623_jammy.debdiff
** Also affects: sssd (Ubuntu Jammy)
Importance: Undecided
Status: New
libpam-sss/jammy-proposed,now 2.6.3-1ubuntu3.5 amd64 [installed]
ran tests using sudo without KRB5CCNAME set, and now functions as
expected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Titl
tested and working from proposed!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Title:
pam_sss_gss fails to work when KRB5CCNAME is not set
To manage notifications about this bug go to:
htt
Hello Karl, or anyone else affected,
Accepted sssd into jammy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/2.6.3-1ubuntu3.5
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubu
Test setup:
# bind system to KDC (ie. AD)
# ensure the system for kerberos (make sure you can kinit as your user)
# add the following to the pam-auth-update templates
(/usr/share/pam-configs/sss-gssapi) (note I added debug to increase verbosity
for this test, this is not needed for general use)
Thanks. All I need is the good test outcome, making clear the KRB5CCNAME
variable is unset, added to the [ test plan ] part of the description of
this bug. I'm wary of copy & pasting your comments into that section,
because I haven't run this myself, and don't want to "put words in
someone else's m
yes, sorry.
add to /etc/sssd/sssd.conf in the [pam] seciton:
pam_response_filter = ENV:KRB5CCNAME
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Title:
pam_sss_gss fails to work when KRB5CC
or unset the var. either way.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Title:
pam_sss_gss fails to work when KRB5CCNAME is not set
To manage notifications about this bug go to:
https:/
In this test:
> Testing that pam_sss_gss.so is properly authing:
> # login as your user, view (or gain) kerberos credentials (klist to verify
> valid ccache, kinit to gain creds if needed)
> # run sudo -i or sudo [command]. this should execute the sudo without issue
>
> eg:
> user1@working-host1:
Note the failure mode is shown above. the extra logging in the
description of the template is the failure mode.
Test setup:
# bind system to KDC (ie. AD)
# ensure the system for kerberos (make sure you can kinit as your user)
# add the following to the pam-auth-update templates
(/usr/share/pam-
Sure can! I can provide Pam-with-update config, test instructions and
debug output. Some of that is above, but please give me a day or so to
generate.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/21
We have to be specially careful to avoid sssd regressions. I see that
pam_sss_gss is not used by default in the packaging, and has to be
enabled manually, so that's a plus side. Too bad we don't have a dep8
test for it, but we do for the other cases, and can then rely on their
results to catch regr
This has been sponsored to jammy.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103623
Title:
pam_sss_gss fails to work when KRB5CCNAME is not set
To manage notifications about this bug go to:
htt
** Description changed:
- The trend for krb ccaches is to not use/set a KRB5CCNAME on login.
+ [Impact]
- Ubuntu 22.04 is unable to perform authentication using the pam_sss_gss
- when a valid ccache is setup with credentials.
+ If you don't set KRB5CCNAME for the current user on login, pam_sss_
18 matches
Mail list logo
