Package: sssd-krb5
Version: 1.16.3-3.2
Severity: important
Dear maintainers,
credential collections of type "DIR:dirname" fail since the directory is
created by sssd-krb5 with broken permissions 0600,
as also mentioned in #977375.
This has already been reported upstream in [0] by another user, and after I
bumped the problem, a patch has been posted at that URL,
which I have tested on top of sssd-1.16.3-3.2 by rebuilding the package with
the patch applied,
configuring /etc/krb5.conf accordingly:
[libdefaults]
...
default_ccache_name = DIR:/tmp/krb5cc_%{uid}
purging all existing such directories and retrying. I can confirm that the
patch works as expected.
The issue is now also reported to upstream's bugtracker[1]
and a PR[2] against their master branch has been made by the patch developer.
Note that the very same patch applies fine against 1.16.3 with slightly
different offsets and was verified as discussed above.
-- System Information
Debian Release: 10.7
Kernel: 4.19.0-13
Architecture: amd64 (x86_64)
[0]
https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/3FH5A2M64KKVTPRUCWV4LLGWEYTV7CL5/
[1] https://github.com/SSSD/sssd/issues/5436
[2] https://github.com/SSSD/sssd/pull/5437
