-
Bug
-
Resolution: Done-Errata
-
Normal
-
rhel-9.3.0
-
sssd-2.9.5-1.el9
-
None
-
Moderate
-
rhel-sst-idm-sssd
-
ssg_idm
-
12
-
14
-
0
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
Pass
-
None
-
None
Issue: Errors in krb5_child.log every time a user authenticates - Pre-authentication failed: No pkinit_anchors supplied
NOTE: User authentication is working fine.
Expected results: The krb5_child.log should not contain "Pre-authentication failed: No pkinit_anchors supplied" error after every successful authentication.
Actual results: The logs are filled with these errors:
~~~~
Dec 28 05:00:46 dc01zld0141 krb5_child[1758711]: Pre-authentication failed: No pkinit_anchors supplied
Dec 28 05:00:46 dc01zld0155 krb5_child[1732435]: Pre-authentication failed: No pkinit_anchors supplied
Dec 28 05:00:46 dc01zld0147 krb5_child[657019]: Pre-authentication failed: No pkinit_anchors supplied
Dec 28 05:00:47 dc01zld0148 krb5_child[666607]: Pre-authentication failed: No pkinit_anchors supplied
Dec 28 05:03:51 dc01zld0143 krb5_child[700393]: Pre-authentication failed: No pkinit_anchors supplied
Dec 28 05:03:51 dc01zld0138 krb5_child[1748037]: Pre-authentication failed: No pkinit_anchors supplied
~~~~
Steps Taken:
Added "pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt" line in krb5.conf file.
Now, the following error can be seen in the krb5_child logs:
--------
[112262] 1705492282.364723: PKINIT client has no configured identity; giving up
[112262] 1705492282.364724: PKINIT client has no configured identity; giving up
[112262] 1705492282.364725: Preauth module pkinit (16) (real) returned: 22/Invalid argument
--------
>> How do we get rid of those errors?
- links to
-
RHBA-2024:131669
sssd bug fix and enhancement update
