Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sssd_be should hint about increasing the krb5_auth_timeout if krb5 auth times out #3244

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2202


Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1054899

Created attachment 851732
domain log for non-primary(user1_dom3) user login

Description of problem:
sssd goes offline on login for users from subdomains

Version-Release number of selected component (if applicable):
1.11.2-27.el7

How reproducible:
Always

Steps to Reproduce:
1. Try to login as a user from the primary domain
# time ssh -l user1_dom1@sssdad.com localhost
user1_dom1@sssdad.com@localhost's password:
[user1_dom1@sssdad.com@amd-pike-05 ~]$ logout
Connection to localhost closed.

real    0m16.057s

2. Try to login as a user from a child domain
# time ssh -l user1_dom3@child1.sssdad.com localhost
user1_dom3@child1.sssdad.com@localhost's password:
Permission denied, please try again.
user1_dom3@child1.sssdad.com@localhost's password:


real    0m28.623s
user    0m0.020s
sys     0m0.012s


Actual results:
sssd goes offline with login to users from non-primary domains

See attached domain logs for login to a primary user(user1_dom1) and
non-primary user(user1_dom3)

Comments


Comment from jhrozek at 2014-01-20 23:07:50

See the discussion in the BZ. What Kaushik wanted was to amend the DEBUG message to hint that raising the timeout might be a good idea. I'm not sure about sss_log, that seems like too much, but maybe using some higher log level (IIRC we have something like IMPORTANT_INFO) would work.

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => preichl
review: True => 0
selected: =>
testsupdated: => 0


Comment from jhrozek at 2014-01-22 23:13:36


Comment from jhrozek at 2014-01-22 23:14:19

I'll leave the ticket open so it's properly triaged


Comment from lslebodn at 2014-01-23 14:28:11

Fields changed

patch: 0 => 1


Comment from dpal at 2014-01-23 14:59:09

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.4


Comment from jhrozek at 2014-01-24 13:33:47

resolution: => fixed
status: new => closed


Comment from jhrozek at 2014-02-17 20:28:25

Fields changed

changelog: => See the description and title. Minor enhancement that hints what parameter should the admin increase when Kerberos authentication keeps timing out.


Comment from jhrozek at 2017-02-24 15:01:54

Metadata Update from @jhrozek:

  • Issue assigned to preichl
  • Issue set to the milestone: SSSD 1.11.4
@sssd-bot sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. labels May 2, 2020
@sssd-bot sssd-bot closed this as completed May 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.
Projects
None yet
Development

No branches or pull requests

1 participant