[Freeipa-users] CRON: Authentication service cannot retrieve authentication info

Dmitri Pal dpal at redhat.com
Tue Apr 14 14:07:33 UTC 2015 

On 04/13/2015 10:41 PM, Thomas Lau wrote:
> Hi,
>
> It's an in-house program which runs on one kerberos user.
You need to look what this program is doing.
I suspect it is doing some sort of kinit itself and does not rely on the 
PAM stack, i.e it bypasses SSSD in the given scenario.
Can this be the case?

>
> On Tue, Apr 14, 2015 at 5:34 AM, Dmitri Pal <dpal at redhat.com> wrote:
>> On 04/13/2015 08:23 AM, Thomas Lau wrote:
>>
>> Hi,
>>
>> These problem appear randomly, sometime it still work even under heavy
>> packet loss, some times would be like this. So its hard to catch.
>>
>> On Apr 13, 2015 3:22 PM, "Jakub Hrozek" <jhrozek at redhat.com> wrote:
>>> On Mon, Apr 13, 2015 at 01:15:09PM +0800, Thomas Lau wrote:
>>>> Hi all,
>>>>
>>>> We have cronjob which running on a FreeIPA LDAP user; When connection
>>>> between IPA server and client having heavy packet loss, following
>>>> error would occur:
>>>>
>>>> CRON[20637]: Authentication service cannot retrieve authentication info
>>>>
>>>> I have cache credentials and store password if offline enabled on
>>>> sssd, how these problem would still happening?
>>
>> It might be that the cause of the problem is actually the packet loss or
>> some kind of delay.
>> SSSD might not think that it is offline but cron job itself times out and
>> reports failure.
>> Do you know what operation in the job fails?
>>
>>
>>>>
>>>> sssd.conf:
>>>>
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True
>>> Did the use log in at least once offline? You can verify if the password
>>> has been cached using the ldbsearch utility. It would be best to catch
>>> the occurence of the problem in logs.
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

More information about the Freeipa-users mailing list