-
Story
-
Resolution: Unresolved
-
Critical
-
rhel-9.0.0
-
samba-4.21.1-4.el9
-
sst_idm_sssd
-
ssg_idm
-
1
-
False
-
-
None
-
None
-
Pass
-
RegressionOnly
-
If docs needed, set a value
-
-
Unspecified
-
None
Description of problem:
Current, when automatically updating the machine account password winbind only add the new password to the secrets.tdb but does not update the Kerberos keys in the keytab which are derived from the machine account password. As a result, after the update the keytab entries can neither be used for authentication nor to uncrypt and verify server tickets.
If 'kerberos method = secrets and keytab' (and maybe for 'system keytab' or 'dedicated keytab' as well?) winbind should create new entries in the keytab with updated KVNO and new hashes derived from the new machine account password.
Upstream ticket: https://bugzilla.samba.org/show_bug.cgi?id=6750
- blocks
-
RHEL-2213 net offlinejoin requestodj segfaults when kerberos method = secrets and keytab
- Planning
- external trackers
- links to
-
RHBA-2024:141068 samba update