The pam error:
sssd_pam runs as root but dropped its capability CAP_DAC_OVERRIDE.
Before it restarts, we changed the file/directory owner in the postinst script
to sssd.
When it restarts, atexit calls unlink() on the file, but now the uid doesn't
match.

    79492 --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=280, si_uid=0} ---
    [...]
    79492 unlink("/var/lib/sss/pubconf/pam_preauth_available") = -1 EACCES (Permission denied)
    79492 write(0, "(2026-03-17 15:33:07): [pam] [cl"..., 176) = 176

-> fix by stopping the service before the permission changes.
The krb5_kpasswd option error seems overly verbose, since the condition is this:

    const char *primary_servers = option(krb5_kpasswd);
    if (primary_servers == NULL && kdc_servers != NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Missing krb5_kpasswd option and KDC set "
              "explicitly, will use KDC for password change operations!\n");
        ctx->kpasswd_service = NULL;
    }

and according to man 5 sssd-krb5:

    krb5_kpasswd, krb5_backup_kpasswd (string)
        If the change password service is not running on the KDC,
        alternative servers can be defined here. An optional port number
        (preceded by a colon) may be appended to the addresses or hostnames.

        Default: Use the KDC

So I think this is not an error, but too verbose. Reported upstream:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2142140
--
https://bugs.launchpad.net/bugs/2142140
Title:
rootless sssd upgrade issues
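
The EACCES in the strace above follows from ordinary directory permission checks once root no longer holds CAP_DAC_OVERRIDE. The following Python model of that check is an added example, not code from the bug comment or from sssd. It assumes a constructed uid/gid of 120 for sssd, a constructed directory mode of 0755 and constructed CapEff values, uses the effective uid where the kernel uses the fsuid, and ignores ACLs and LSMs.

```python
import stat

CAP_DAC_OVERRIDE = 1  # bit numbers from linux/capability.h
CAP_FOWNER = 3

def cap_eff_from_status(status_text):
    """Extract the CapEff hex string from /proc/<pid>/status content."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return line.split()[1]
    raise ValueError("no CapEff line found")

def has_cap(cap_eff_hex, cap):
    return bool((int(cap_eff_hex, 16) >> cap) & 1)

def can_unlink(euid, egids, cap_eff_hex, dir_uid, dir_gid, dir_mode, file_uid):
    """Predict whether unlink() of a file in this directory passes DAC checks."""
    if not has_cap(cap_eff_hex, CAP_DAC_OVERRIDE):
        # Exactly one permission class applies: owner, else group, else other.
        if euid == dir_uid:
            bits = dir_mode >> 6
        elif dir_gid in egids:
            bits = dir_mode >> 3
        else:
            bits = dir_mode
        # Removing an entry needs write and search (w+x) on the directory.
        if (bits & 0o3) != 0o3:
            return False
    # Sticky directory: only the file owner, the directory owner or a
    # CAP_FOWNER holder may remove the entry.
    if dir_mode & stat.S_ISVTX and euid not in (file_uid, dir_uid):
        return has_cap(cap_eff_hex, CAP_FOWNER)
    return True

# Constructed sample: status excerpt of a root process with every capability
# except CAP_DAC_OVERRIDE (bit 1 cleared).
SAMPLE_STATUS = "Name:\tsssd_pam\nUid:\t0\t0\t0\t0\nCapEff:\t000001fffffffffd\n"
SSSD_ID = 120      # assumed uid/gid of the sssd user
DIR_MODE = 0o755   # assumed mode of the pubconf directory

def demo():
    caps = cap_eff_from_status(SAMPLE_STATUS)
    before = can_unlink(0, {0}, caps, 0, 0, DIR_MODE, 0)              # root-owned
    after = can_unlink(0, {0}, caps, SSSD_ID, SSSD_ID, DIR_MODE, SSSD_ID)
    return before, after

if __name__ == "__main__":
    print(demo())
```

With the directory still owned by root the unlink is allowed through the owner class; after the chown to sssd, root falls into the "other" class, which has no write bit.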