Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KCM: Fix SSH GSSAPI delegation for the memory back end #5313

Closed
wants to merge 1 commit into from
Closed

KCM: Fix SSH GSSAPI delegation for the memory back end #5313

wants to merge 1 commit into from

Conversation

justin-stephenson
Copy link
Contributor

When GSSAPI credentials are delegated over SSH, the KCM set default ccache operation looks for a ERR_NO_CREDS return code to continue handling the SSH-created ccache correctly.

sssd/src/responder/kcm/kcmsrv_ops.c

Line 1762 in fbc7082

if (ret == ERR_NO_CREDS) {

The memory back end will now return this error code in this situation, matching the default secdb back end. Note we already have a multihost for GSSAPI delegation with the default KCM back end.

The memory back end is only returning ERR_KCM_CC_END, so i'm not sure if we should be returning ERR_KCM_CC_END elsewhere.

@alexey-tikhonov
Copy link
Member

Hi @justin-stephenson,

could you please add link to the ticket this PR resolves?

@justin-stephenson
Copy link
Contributor Author

@alexey-tikhonov hello, there is only a downstream BZ, should I create an associated upstream ticket to link to this PR?

@alexey-tikhonov
Copy link
Member

Yes, please. This is usually done for any non-trivial patch.

@justin-stephenson
KCM: Fix GSSAPI delegation for the memory back end
b93ad04 
When GSSAPI credentials are delegated over SSH, the KCM set default ccache
operation looks for a ERR_NO_CREDS return code to continue handling the
SSH-created ccache correctly. The memory back end will now return this
error code in this situation, matching the default secdb back end.

Resolves: SSSD#5333
@justin-stephenson
Copy link
Contributor Author

Cloned to #5333 and updated the commit message with this number.

@alexey-tikhonov alexey-tikhonov linked an issue Sep 23, 2020 that may be closed by this pull request
sssd-kcm does not store TGT with ssh login using GSSAPI #5333
Closed
@alexey-tikhonov
Copy link
Member

Cloned to #5333 and updated the commit message with this number.

Thank you.

@pbrezina pbrezina self-assigned this Sep 29, 2020
@pbrezina
Copy link
Member

Ack. Thank you.

@pbrezina
Copy link
Member

Pushed PR: #5313

  • master
    • f126afc - KCM: Fix GSSAPI delegation for the memory back end

@pbrezina pbrezina added Pushed and removed Accepted Ready to push Ready to push labels Sep 29, 2020
@pbrezina pbrezina closed this Sep 29, 2020
@pbrezina pbrezina mentioned this pull request Sep 29, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@pbrezina pbrezina

Labels
Pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sssd-kcm does not store TGT with ssh login using GSSAPI
3 participants
@justin-stephenson @alexey-tikhonov @pbrezina