ehlo, I realized that it might be better to discuss it here rather then in pull requests because it seems to be related to two different commits.
I will describe a test case on master with already created replica on another host. * kinit as admin // create user with dummy password * echo $dummypw | ipa user-add $login --first "$firstname" --last "$lastname" \ --password // adding sleep think that first kinit hits slave sometimes and the user is // not replicated yet. * sleep 2 * FirstKinitAs $login $dummypw $password FirstKinitAs is a bash function which change initial password something like: echo -e "$password\n$newpassword\n$newpassword" | kinit -V $username Such test works reliably with 1.15.3 and kinit always talk to local master (I didn't try to remove sleep 2) But situation changed a little bit with git master due to following commits IPA: Only generate kdcinfo files on clients https://pagure.io/SSSD/sssd/c/a309525cc47da726461aec1f238165c17aade2a6 localauth plugin: change return code of sss_an2ln https://pagure.io/SSSD/sssd/c/3f94a979eebd1c9496b49b4e07b7823550dec97e It is enough to revert just one of these patches and situation is back stable BTW failure is not 100% reliable but it happens quite often 40-60% of cases. And I think kinit on IPA server should always talk to local KDC unless it is down. Attaching two logs with KRB5TRACE + SSSD_KRB5_LOCATOR_DEBUG LS
-------------------------- Added user "selfservuser1" -------------------------- User login: selfservuser1 First name: first Last name: last Full name: first last Display name: first last Initials: fl Home directory: /home/selfservuser1 GECOS: first last Login shell: /bin/sh Principal name: selfservus...@testrelm.test Principal alias: selfservus...@testrelm.test Email address: selfservus...@testrelm.test UID: 1739200021 GID: 1739200021 Password: True Member of groups: ipausers Kerberos keys available: True :: [ PASS ] :: add test user account (Expected 0, got 0) :: [ BEGIN ] :: Running 'FirstKinitAs selfservuser1 dummy...@ipa.com passw0rd1' [2008] 1504979429.356684: Destroying ccache KEYRING:persistent:0:0 Using default cache: persistent:0:0 Using principal: selfservus...@testrelm.test [2010] 1504979429.362816: Getting initial credentials for selfservus...@testrelm.test [2010] 1504979429.364886: Sending request (183 bytes) to TESTRELM.TEST [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[2] locate_service[1] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[2] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[1] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.365050: Initiating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.365114: Sending TCP request to stream 10.19.41.54:88 [2010] 1504979429.366775: Received answer (186 bytes) from stream 10.19.41.54:88 [2010] 1504979429.366783: Terminating TCP connection to stream 10.19.41.54:88 [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kpasswdinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] reading kpasswd address failed, using kdc address. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.366833: Response was from master KDC [2010] 1504979429.366849: Received error from KDC: -1765328361/Password has expired [2010] 1504979429.366866: Principal expired; getting changepw ticket [2010] 1504979429.366871: Getting initial credentials for selfservus...@testrelm.test [2010] 1504979429.366885: Setting initial creds service to kadmin/changepw [2010] 1504979429.366901: Sending request (178 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kpasswdinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] reading kpasswd address failed, using kdc address. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[2] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[2] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.366951: Initiating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.366980: Sending TCP request to stream 10.19.41.54:88 [2010] 1504979429.369031: Received answer (308 bytes) from stream 10.19.41.54:88 [2010] 1504979429.369038: Terminating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.369064: Received error from KDC: -1765328359/Additional pre-authentication required [2010] 1504979429.369083: Processing preauth types: 16, 15, 14, 136, 19, 147, 2, 133 [2010] 1504979429.369094: Selected etype info: etype aes256-cts, salt "g3,cY9a!,]I#?!mP", params "" [2010] 1504979429.369096: Received cookie: MIT [2010] 1504979429.369111: PKINIT client has no configured identity; giving up [2010] 1504979429.369123: Preauth module pkinit (147) (info) returned: 0/Success [2010] 1504979429.369130: PKINIT client has no configured identity; giving up [2010] 1504979429.369134: Preauth module pkinit (16) (real) returned: 22/Invalid argument [2010] 1504979429.369139: PKINIT client has no configured identity; giving up [2010] 1504979429.369143: Preauth module pkinit (14) (real) returned: 22/Invalid argument [2010] 1504979429.369148: PKINIT client has no configured identity; giving up [2010] 1504979429.369157: Preauth module pkinit (14) (real) returned: 22/Invalid argument Password for selfservus...@testrelm.test: [2010] 1504979429.377997: AS key obtained for encrypted timestamp: aes256-cts/15DF [2010] 1504979429.378038: Encrypted timestamp (for 1504979429.377885): plain 301AA011180F32303137303930393137353032395AA105020305C41D, encrypted 724A100FDF786F4B706BEF70A1017CABF3825B16F5111CE381D1C02ECFAF081A75CB0E1B0140709720FE77E1C124344DDFF788DDA1DBBD0D [2010] 1504979429.378048: Preauth module encrypted_timestamp (2) (real) returned: 0/Success [2010] 1504979429.378051: Produced preauth for next request: 133, 2 [2010] 1504979429.378060: Sending request (273 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kpasswdinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] reading kpasswd address failed, using kdc address. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[2] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[2] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.378117: Initiating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.378151: Sending TCP request to stream 10.19.41.54:88 [2010] 1504979429.380629: Received answer (744 bytes) from stream 10.19.41.54:88 [2010] 1504979429.380650: Terminating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.380684: Processing preauth types: 19 [2010] 1504979429.380690: Selected etype info: etype aes256-cts, salt "g3,cY9a!,]I#?!mP", params "" [2010] 1504979429.380693: Produced preauth for next request: (empty) [2010] 1504979429.380704: AS key determined by preauth: aes256-cts/15DF [2010] 1504979429.380753: Decrypted AS reply; session key is: aes256-cts/0DC0 [2010] 1504979429.380766: FAST negotiation: available [2010] 1504979429.380792: Attempting password change; 3 tries remaining Password expired. You must change it now. Enter new password: Enter it again: [2010] 1504979429.380839: Creating authenticator for selfservus...@testrelm.test -> kadmin/chang...@testrelm.test, seqnum 0, subkey aes256-cts/25FC, session key aes256-cts/0DC0 [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kpasswdinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] reading kpasswd address failed, using kdc address. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[2] locate_service[5] [sssd_krb5_locator] addr[10.19.41.54:464] family[2] socktype[2] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[5] [sssd_krb5_locator] addr[10.19.41.54:464] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.380951: Sending initial UDP request to dgram 10.19.41.54:464 [2010] 1504979429.412096: Received answer (236 bytes) from dgram 10.19.41.54:464 [2010] 1504979429.412179: Read AP-REP, time 1504979429.380843, subkey aes256-cts/25FC, seqnum 534540384 [2010] 1504979429.412213: Getting initial TGT with changed password [2010] 1504979429.412220: Getting initial credentials for selfservus...@testrelm.test [2010] 1504979429.412279: Sending request (183 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kpasswdinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] reading kpasswd address failed, using kdc address. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[2] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[2] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.413245: Initiating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.413512: Sending TCP request to stream 10.19.41.54:88 [2010] 1504979429.416335: Received answer (313 bytes) from stream 10.19.41.54:88 [2010] 1504979429.416343: Terminating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.416387: Received error from KDC: -1765328359/Additional pre-authentication required [2010] 1504979429.416421: Processing preauth types: 16, 15, 14, 136, 19, 147, 2, 133 [2010] 1504979429.416426: Selected etype info: etype aes256-cts, salt "Py@@RV$)_8syq{7@", params "" [2010] 1504979429.416428: Received cookie: MIT [2010] 1504979429.416445: PKINIT client has no configured identity; giving up [2010] 1504979429.416458: Preauth module pkinit (147) (info) returned: 0/Success [2010] 1504979429.416467: PKINIT client has no configured identity; giving up [2010] 1504979429.416472: Preauth module pkinit (16) (real) returned: 22/Invalid argument [2010] 1504979429.416478: PKINIT client has no configured identity; giving up [2010] 1504979429.416482: Preauth module pkinit (14) (real) returned: 22/Invalid argument [2010] 1504979429.416487: PKINIT client has no configured identity; giving up [2010] 1504979429.416491: Preauth module pkinit (14) (real) returned: 22/Invalid argument [2010] 1504979429.424898: AS key obtained for encrypted timestamp: aes256-cts/D927 [2010] 1504979429.424928: Encrypted timestamp (for 1504979429.424460): plain 301AA011180F32303137303930393137353032395AA1050203067A0C, encrypted A06565BC61A85C400D1C6A392DEE704D8597EA81FCC3FF9CBCAE7FA7E65F9CB145DC92C2985DCA86280176D9B6F4AF3A0CD2F95C097A842D [2010] 1504979429.424935: Preauth module encrypted_timestamp (2) (real) returned: 0/Success [2010] 1504979429.424938: Produced preauth for next request: 133, 2 [2010] 1504979429.424946: Sending request (278 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] Found [10.19.41.54] in [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST]. [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kpasswdinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] reading kpasswd address failed, using kdc address. [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[2] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[2] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_realm[TESTRELM.TEST] requested realm[TESTRELM.TEST] family[0] socktype[1] locate_service[2] [sssd_krb5_locator] addr[10.19.41.54:88] family[2] socktype[1] [sssd_krb5_locator] [10.19.41.54] used [sssd_krb5_locator] sssd_krb5_locator_close called [2010] 1504979429.424998: Initiating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.425026: Sending TCP request to stream 10.19.41.54:88 [2010] 1504979429.430744: Received answer (755 bytes) from stream 10.19.41.54:88 [2010] 1504979429.430752: Terminating TCP connection to stream 10.19.41.54:88 [2010] 1504979429.430796: Processing preauth types: 19 [2010] 1504979429.430803: Selected etype info: etype aes256-cts, salt "Py@@RV$)_8syq{7@", params "" [2010] 1504979429.430807: Produced preauth for next request: (empty) [2010] 1504979429.430812: AS key determined by preauth: aes256-cts/D927 [2010] 1504979429.430840: Decrypted AS reply; session key is: aes256-cts/B4D9 [2010] 1504979429.430849: FAST negotiation: available [2010] 1504979429.430871: Initializing KEYRING:persistent:0:0 with default princ selfservus...@testrelm.test [2010] 1504979429.430918: Storing selfservus...@testrelm.test -> krbtgt/testrelm.t...@testrelm.test in KEYRING:persistent:0:0 [2010] 1504979429.430949: Storing config in KEYRING:persistent:0:0 for krbtgt/testrelm.t...@testrelm.test: fast_avail: yes [2010] 1504979429.430962: Storing selfservus...@testrelm.test -> krb5_ccache_conf_data/fast_avail/krbtgt\/TESTRELM.TEST\@TESTRELM.TEST@X-CACHECONF: in KEYRING:persistent:0:0 [2010] 1504979429.430988: Storing config in KEYRING:persistent:0:0 for krbtgt/testrelm.t...@testrelm.test: pa_type: 2 [2010] 1504979429.430996: Storing selfservus...@testrelm.test -> krb5_ccache_conf_data/pa_type/krbtgt\/TESTRELM.TEST\@TESTRELM.TEST@X-CACHECONF: in KEYRING:persistent:0:0 Authenticated to Kerberos v5 Default principal: selfservus...@testrelm.test :: [ 13:50:29 ] :: kinit as selfservuser1 with new password passw0rd1 was successful.
-------------------------- Added user "selfservuser1" -------------------------- User login: selfservuser1 First name: first Last name: last Full name: first last Display name: first last Initials: fl Home directory: /home/selfservuser1 GECOS: first last Login shell: /bin/sh Principal name: selfservus...@testrelm.test Principal alias: selfservus...@testrelm.test Email address: selfservus...@testrelm.test UID: 1033600021 GID: 1033600021 Password: True Member of groups: ipausers Kerberos keys available: True :: [ PASS ] :: add test user account (Expected 0, got 0) :: [ BEGIN ] :: Running 'FirstKinitAs selfservuser1 dummy...@ipa.com passw0rd1' [2085] 1504880246.717409: Destroying ccache KEYRING:persistent:0:0 Using default cache: persistent:0:0 Using principal: selfservus...@testrelm.test [2087] 1504880246.723854: Getting initial credentials for selfservus...@testrelm.test [2087] 1504880246.725923: Sending request (183 bytes) to TESTRELM.TEST [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] get_krb5info failed. [sssd_krb5_locator] sssd_krb5_locator_close called [2087] 1504880246.726052: Resolving hostname kvm-02-guest23.testrelm.test [2087] 1504880246.726388: Initiating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.726467: Sending TCP request to stream 10.16.68.129:88 [2087] 1504880246.728536: Received answer (186 bytes) from stream 10.16.68.129:88 [2087] 1504880246.728544: Terminating TCP connection to stream 10.16.68.129:88 [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] get_krb5info failed. [sssd_krb5_locator] sssd_krb5_locator_close called [2087] 1504880246.728603: Response was from master KDC [2087] 1504880246.728636: Received error from KDC: -1765328361/Password has expired [2087] 1504880246.728655: Principal expired; getting changepw ticket [2087] 1504880246.728661: Getting initial credentials for selfservus...@testrelm.test [2087] 1504880246.728676: Setting initial creds service to kadmin/changepw [2087] 1504880246.728693: Sending request (178 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] get_krb5info failed. [sssd_krb5_locator] sssd_krb5_locator_close called [2087] 1504880246.728709: Resolving hostname kvm-02-guest23.testrelm.test [2087] 1504880246.728780: Initiating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.728811: Sending TCP request to stream 10.16.68.129:88 [2087] 1504880246.730875: Received answer (308 bytes) from stream 10.16.68.129:88 [2087] 1504880246.730882: Terminating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.730906: Received error from KDC: -1765328359/Additional pre-authentication required [2087] 1504880246.730925: Processing preauth types: 16, 15, 14, 136, 19, 147, 2, 133 [2087] 1504880246.730936: Selected etype info: etype aes256-cts, salt "IW9`+Bl+'dxuYHbk", params "" [2087] 1504880246.730939: Received cookie: MIT [2087] 1504880246.730952: PKINIT client has no configured identity; giving up [2087] 1504880246.730965: Preauth module pkinit (147) (info) returned: 0/Success [2087] 1504880246.730971: PKINIT client has no configured identity; giving up [2087] 1504880246.730982: Preauth module pkinit (16) (real) returned: 22/Invalid argument [2087] 1504880246.730987: PKINIT client has no configured identity; giving up [2087] 1504880246.730991: Preauth module pkinit (14) (real) returned: 22/Invalid argument [2087] 1504880246.730995: PKINIT client has no configured identity; giving up [2087] 1504880246.730999: Preauth module pkinit (14) (real) returned: 22/Invalid argument Password for selfservus...@testrelm.test: [2087] 1504880246.740078: AS key obtained for encrypted timestamp: aes256-cts/499B [2087] 1504880246.740125: Encrypted timestamp (for 1504880246.739952): plain 301AA011180F32303137303930383134313732365AA10502030B4A70, encrypted B551CD21FE48C30DA246AB740E90048E2A38C4288EB6DEFD9D139937EFFACC074D1EDD786E1E201BB1690EF483BECD0EC98387E62DA2E274 [2087] 1504880246.740153: Preauth module encrypted_timestamp (2) (real) returned: 0/Success [2087] 1504880246.740156: Produced preauth for next request: 133, 2 [2087] 1504880246.740169: Sending request (273 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] get_krb5info failed. [sssd_krb5_locator] sssd_krb5_locator_close called [2087] 1504880246.740201: Resolving hostname kvm-02-guest23.testrelm.test [2087] 1504880246.740342: Initiating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.740393: Sending TCP request to stream 10.16.68.129:88 [2087] 1504880246.743192: Received answer (744 bytes) from stream 10.16.68.129:88 [2087] 1504880246.743199: Terminating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.743233: Processing preauth types: 19 [2087] 1504880246.743240: Selected etype info: etype aes256-cts, salt "IW9`+Bl+'dxuYHbk", params "" [2087] 1504880246.743243: Produced preauth for next request: (empty) [2087] 1504880246.743249: AS key determined by preauth: aes256-cts/499B [2087] 1504880246.743285: Decrypted AS reply; session key is: aes256-cts/756D [2087] 1504880246.743325: FAST negotiation: available [2087] 1504880246.743360: Attempting password change; 3 tries remaining Password expired. You must change it now. Enter new password: Enter it again: [2087] 1504880246.743415: Creating authenticator for selfservus...@testrelm.test -> kadmin/chang...@testrelm.test, seqnum 0, subkey aes256-cts/583E, session key aes256-cts/756D [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] get_krb5info failed. [sssd_krb5_locator] sssd_krb5_locator_close called [2087] 1504880246.743980: Resolving hostname ibm-x3650m4-01-vm-05.testrelm.test. [2087] 1504880246.744368: Sending initial UDP request to dgram 2620:52:0:102f:5054:1ff:fe3c:e12d:464 [2087] 1504880246.813550: Received answer (248 bytes) from dgram 2620:52:0:102f:5054:1ff:fe3c:e12d:464 [2087] 1504880246.813683: Read AP-REP, time 1504880246.743419, subkey aes256-cts/583E, seqnum 1071928275 [2087] 1504880246.813717: Getting initial TGT with changed password [2087] 1504880246.813723: Getting initial credentials for selfservus...@testrelm.test [2087] 1504880246.813784: Sending request (183 bytes) to TESTRELM.TEST (master) [sssd_krb5_locator] sssd_krb5_locator_init called [sssd_krb5_locator] open failed [/var/lib/sss/pubconf/kdcinfo.TESTRELM.TEST][2][No such file or directory]. [sssd_krb5_locator] get_krb5info failed. [sssd_krb5_locator] sssd_krb5_locator_close called [2087] 1504880246.813835: Resolving hostname kvm-02-guest23.testrelm.test [2087] 1504880246.814002: Initiating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.814048: Sending TCP request to stream 10.16.68.129:88 [2087] 1504880246.816774: Received answer (186 bytes) from stream 10.16.68.129:88 [2087] 1504880246.816781: Terminating TCP connection to stream 10.16.68.129:88 [2087] 1504880246.816811: Received error from KDC: -1765328361/Password has expired kinit: Password has expired while getting initial credentials klist: Credentials cache keyring 'persistent:0:0' not found :: [ 10:17:26 ] :: ERROR: kinit as selfservuser1 with new password passw0rd1 failed. :: [ FAIL ] :: Command 'FirstKinitAs selfservuser1 dummy...@ipa.com passw0rd1' (Expected 0, got 1)
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org