https://bugzilla.redhat.com/show_bug.cgi?id=2095228
Bug ID: 2095228 Summary: sssd_krb5 2.7.1 crashes "PAC check failed" Product: Fedora Version: 36 Hardware: x86_64 OS: Linux Status: NEW Component: sssd Assignee: sssd-maintainers@lists.fedoraproject.org Reporter: seanmottles@posteo.net QA Contact: extras-qa@fedoraproject.org CC: abokovoy@redhat.com, atikhono@redhat.com, jhrozek@redhat.com, lslebodn@redhat.com, luk.claes@gmail.com, mzidek@redhat.com, pbrezina@redhat.com, sbose@redhat.com, ssorce@redhat.com, sssd-maintainers@lists.fedoraproject.org Target Milestone: --- Classification: Fedora
Created attachment 1888304 --> https://bugzilla.redhat.com/attachment.cgi?id=1888304&action=edit sssd krb5 log file
Description of problem: Attempting to authenticate via password on Fedora 36 host connected to FreeIPA with sssd 2.7.1-1 fails. ID lookups still function as normal.
Version-Release number of selected component (if applicable): sssd-2.7.1-1.fc36
How reproducible: Every attempt.
Steps to Reproduce: 1. Connect host to FreeIPA 2. Attempt to auth FreeIPA user via password 3.
Actual results: "System Error" in /var/log/secure, and "PAC check failed for principal" in /var/log/sssd/krb5_child.log
Expected results: Password auth is functional
Additional info: Downgrading sssd to 2.7.0 resolves the issue and users can login as normal.
https://bugzilla.redhat.com/show_bug.cgi?id=2095228
Iker Pedrosa ipedrosa@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|NEW |CLOSED CC| |ipedrosa@redhat.com Doc Type|--- |If docs needed, set a value Last Closed| |2022-06-09 10:54:24
--- Comment #1 from Iker Pedrosa ipedrosa@redhat.com --- As a work-around set
pac_check = check_upn, check_upn_dns_info_ex
in the [pac] section of sssd.conf.
*** This bug has been marked as a duplicate of bug 2094685 ***
sssd-maintainers@lists.fedoraproject.org
-
bugzilla@redhat.com