On Tue, Jun 25, 2013 at 02:05:52PM +0200, Jakub Hrozek wrote: > On Tue, Jun 25, 2013 at 11:25:32AM +0200, Sumit Bose wrote: > > On Mon, Jun 24, 2013 at 06:22:35PM +0200, Jakub Hrozek wrote: > > > On Mon, Jun 24, 2013 at 04:28:10PM +0100, David Woodhouse wrote: > > > > On Mon, 2013-06-24 at 17:01 +0200, Jakub Hrozek wrote: > > > > > On Mon, Jun 24, 2013 at 04:59:33PM +0200, Jakub Hrozek wrote: > > > > > > On Mon, Jun 24, 2013 at 04:23:46PM +0200, Sumit Bose wrote: > > > > > > > Hi, > > > > > > > > > > > > > > David Woodhouse identified an issue with Kerberos ticket renewal. > > > > > > > Attached two patches fix two issues related to the authtok > > > > > > > refactoring > > > > > > > which make renewal for me working again. > > > > > > > > > > > > > > bye, > > > > > > > Sumit > > > > > > > > > > > > Works for me, too. Ack. > > > > > > > > > > Pushed both to master. > > > > > > > > An improvement, but still not working. > > > > > > > > Firstly I have to revert commit 3438815242464a963c0d3a70f16579723a20b52d > > > > ("LDAP: Retry SID search based on result of LDAP search, not the return > > > > code") because otherwise I can't log in at all (I sent logs in private > > > > mail). > > > > > > > > > > The login failure is not related to the commit per se, the commit is > > > actually correct and gets you further in the login process, but then you > > > hit the old bug with the referral. I'm still not quite sure why SSSD > > > decided to contact LDAP there and not the GC. > > > > > > > Then it does actually seem to be *trying* to renew, but I get the > > > > following: > > > > > > > > > > [snip] > > > > > > > FWIW running 'kinit -R' manually does work. > > > > > > As discussed on #sssd, this is a bug in how we renew enterprise > > > principals. > > > > The attached patch should fix the issue by not using enterprise > > principals for renewals. David was so kind to test it and gave positive > > feedback via irc. > > > > bye, > > Sumit > > The code looks good to me and David confirmed off-list that it fixed his > issue, too. > > Ack.
Pushed to master. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel