** Description changed:

  Known upstream bug, see:
  https://bugzilla.redhat.com/show_bug.cgi?id=811518
  
  Quoting from the upstream description:
  
  "If krb5_canonicalize is not present or is True in sssd.conf, then sssd
  asks krb5_get_init_creds_keytab() to canonicalize principals. This can
  change the client principal. When writing out the credential cache, we
  should use this changed principal, and not the original one.  Failure to
  do this results in errors when LDAP tries to use the credential cache."
  
- In our case, setting "krb5_canonicalize = false" in sssd.conf solved the
- issue, but according to `man 5 sssd-krb5` it should be false by default:
+ In our case, setting "krb5_canonicalize = false" in sssd.conf worked
+ around the issue, but according to `man 5 sssd-krb5` it should be false
+ by default:
  
  "krb5_canonicalize (boolean)
-            Specifies if the host and user principal should be canonicalized. 
This 
-            feature is available with MIT Kerberos >= 1.7
+            Specifies if the host and user principal should be canonicalized. 
This
+            feature is available with MIT Kerberos >= 1.7
  
             Default: false"
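
Review bot: the reworded sentence ("worked around the issue, but according to `man 5 sssd-krb5` it should be false by default") leaves a contradiction unresolved. The quoted upstream text says canonicalization is requested when krb5_canonicalize "is not present or is True", while the quoted man page gives "Default: false". Suggest adding whether the option was absent from sssd.conf before the workaround was applied, so readers can tell whether the documented default or the effective default is the one at fault. The other changed lines in the krb5_canonicalize quote differ only in trailing whitespace.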

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/985031

Title:
  Invalid cache file created when canoning principals during
  krb5_get_init_creds_keytab()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/985031/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
