On (11/11/14 13:45), Jakub Hrozek wrote: >On Tue, Nov 11, 2014 at 11:15:30AM +0100, Jakub Hrozek wrote: >> Can you give me access to a host that reproduces this crash? ccname >> should never be NULL with the new patches ... > >..except on access_provider=krb5... > >Thanks for catching that, new patches are attached.
There is problem with support of enterprise principals. authentication for such users failed. >From 13a1171ad66456d4045159ed1b675099be84c55a Mon Sep 17 00:00:00 2001 >From: Jakub Hrozek <jhro...@redhat.com> >Date: Sat, 18 Oct 2014 22:03:13 +0200 >Subject: [PATCH 5/6] KRB5: Move all ccache operations to krb5_child.c > >The credential cache operations must be now performed by the krb5_child >completely, because the sssd_be process might be running as the sssd >user who doesn't have access to the ccaches. > >src/providers/krb5/krb5_ccache.c is still linked against libsss_krb5 >until we fix Kerberos ticket renewal as non-root. > >Also includes a new error code that indicates that the back end should >remove the old ccache attribute -- the child can't do that if it's >running as the user. >--- > Makefile.am | 14 +- > src/providers/krb5/krb5_auth.c | 222 ++++---------------------------- > src/providers/krb5/krb5_child.c | 209 ++++++++++++++++++++++++++++-- > src/providers/krb5/krb5_child_handler.c | 13 ++ > src/tests/krb5_child-test.c | 3 +- > src/util/util_errors.c | 1 + > src/util/util_errors.h | 1 + > 7 files changed, 257 insertions(+), 206 deletions(-) > >diff --git a/Makefile.am b/Makefile.am >index >41b1843baee41ea8a67eb47e6786286190bbdcb9..c6601468e79244aad0a1bb8d7c87190aad9ef61a > 100644 >--- a/Makefile.am >+++ b/Makefile.am >@@ -1604,6 +1604,7 @@ krb5_child_test_SOURCES = \ > src/providers/krb5/krb5_child_handler.c \ > src/providers/krb5/krb5_common.c \ > src/util/sss_krb5.c \ >+ src/util/find_uid.c \ > src/providers/data_provider_fo.c \ > src/providers/data_provider_opts.c \ > src/providers/data_provider_callbacks.c \ This change is not necessary and, because krb5_child test is already linked with libsss_util, which contains this file. Moreover, this change caused compilation failures on platforms with disabled link_all_deplibs. CCLD krb5-child-test /usr/bin/ld: src/util/krb5_child_test-find_uid.o: undefined reference to symbol 'sd_uid_get_sessions@@LIBSYSTEMD_209' /lib64/libsystemd.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel