Ubuntu
sssd package

The documented DEFCCNAME is not the actual credential cache name

Bug #2012140 reported by Karl O. Pinc
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
krb5 (Debian)
Fix Released
Unknown
sssd (Ubuntu)
Triaged
Low
Unassigned

Bug Description

The krb5 documentation says that DEFCCNAME is /tmp/krb5cc_%{uid}. But actual credential cache file names look like: /tmp/krb5cc_127408622_wH2NwY

Setting [libdefaults] default_ccache_name to krb5cc_%{uid} in /etc/krb5.conf produces the expected credential cache file.

Unless you know this, using "mutiuser" in fstab with cifs/samba/smb mounts is nigh impossible.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: krb5-user 1.19.2-2ubuntu0.1
ProcVersionSignature: Ubuntu 5.15.0-67.74-generic 5.15.85
Uname: Linux 5.15.0-67-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Sat Mar 18 17:33:32 2023
InstallationDate: Installed on 2023-03-09 (9 days ago)
InstallationMedia: Ubuntu-Server 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1)
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.UTF-8
 TERM=xterm-256color
 PATH=(custom, no user)
SourcePackage: krb5
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Karl O. Pinc (kop) wrote :
Revision history for this message
Karl O. Pinc (kop) wrote :

See also: bug #2012143 bug #2012145 bug #2012147

Revision history for this message
Karl O. Pinc (kop) wrote : Close this bug?

Hi,

Looks like the "problem" is that pam_sss is
changing the credential cache file name and
setting $KRB5CCNAME. Further information in:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033164

Note that neither pam_sss(8) not pam_sss_gss(8) mention this,
but that is a different bug.

Regards,

Karl <email address hidden>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for taking the time to report the bug.

I am going to reassign the bug to sssd, and set its priority to low. Feel free to file a bug against Debian's sssd package (which is where this problem should be addressed, IMHO). Thanks.

affects: krb5 (Ubuntu) → sssd (Ubuntu)
Changed in sssd (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Karl O. Pinc (kop) wrote : Re: [Bug 2012140] Re: The documented DEFCCNAME is not the actual credential cache name

On Wed, 22 Mar 2023 12:58:26 -0000
Sergio Durigan Junior <email address hidden> wrote:

> I am going to reassign the bug to sssd, and set its priority to low.
> Feel free to file a bug against Debian's sssd package (which is where
> this problem should be addressed, IMHO).

Thanks for reassigning to sssd and thanks for the help.

Regards,

Karl <email address hidden>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

Bug Watch Updater (bug-watch-updater)
Changed in krb5 (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.