Closed
Description
ipa.sssd.restart() appears to cause issues with KCM
The following test will fail with "Ticket expired":
@pytest.mark.topology(KnownTopologyGroup.IPATrust)
def test_ipa_trusts__kcm_issue(ipa: IPA, trusted: GenericADProvider):
    ipa.host.conn.run("klist -A")
    ipa.sssd.restart()
    ipa.host.conn.run("klist -A")
    u1 = ipa.user("user-1").add()
> raise self.error
E pytest_mh.conn.ssh.SSHProcessError:
E Command #45 exited with return code 1:
E Command:
E ipa user-add user-1 --first user-1 --last user-1 --password --password-expiration 20380101120000Z
E CWD:
E Env:
E Output:
E Full name:
E Error output:
E ipa: ERROR: Ticket expired
Before the ipa.sssd.restart(), klist shows the new fresh TGT as expected:
INFO 2025-09-12 12:51:57,272 master.ipa.test Previous command completed with exit code 0
Output: |
Ticket cache: KCM:0
Default principal: admin@IPA.TEST
Valid starting Expires Service principal
09/12/25 16:51:56 09/13/25 16:34:02 krbtgt/IPA.TEST@IPA.TEST
But then after it, klist shows the 'admin' TGT which was originally stored when the container image was built (note the Expires date):
INFO 2025-09-12 12:51:58,856 master.ipa.test Executing command #44
Host: master.ipa.test
User: root
Shell: /usr/bin/env bash -c
Command: klist -A
Input: None
Working directory: None
Extra environment:
INFO 2025-09-12 12:51:58,947 master.ipa.test Previous command completed with exit code 0
Output: |
Ticket cache: KCM:0
Default principal: admin@IPA.TEST
Valid starting Expires Service principal
09/02/25 02:41:50 09/03/25 01:43:38 HTTP/master.ipa.test@IPA.TEST
09/02/25 02:41:49 09/03/25 01:43:38 krbtgt/IPA.TEST@IPA.TEST
Error output:
Sumit states on Slack:
when I use ipa.host.conn.exec(["systemctl", "restart", "sssd.service"]) instead everything is working fine.
Debug log attached below.
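
A check that a test could run around the restart to catch this regression, as an added example that is not part of the original issue or of the framework's own code: it parses the two `klist -A` outputs quoted above and reports when the post-restart TGT is already expired or older than the pre-restart one. The function names and the `now` argument are assumptions, and the date layout is the MM/DD/YY form shown in the issue's output.

```python
import re
from datetime import datetime

FMT = "%m/%d/%y %H:%M:%S"  # assumption: date layout as printed in the issue's klist output
CRED = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+(\S+)$")

# klist -A output copied from the issue: before and after ipa.sssd.restart().
BEFORE = """Ticket cache: KCM:0
Default principal: admin@IPA.TEST
Valid starting Expires Service principal
09/12/25 16:51:56 09/13/25 16:34:02 krbtgt/IPA.TEST@IPA.TEST"""
AFTER = """Ticket cache: KCM:0
Default principal: admin@IPA.TEST
Valid starting Expires Service principal
09/02/25 02:41:50 09/03/25 01:43:38 HTTP/master.ipa.test@IPA.TEST
09/02/25 02:41:49 09/03/25 01:43:38 krbtgt/IPA.TEST@IPA.TEST"""

def parse_klist(output):
    """Map each cache name to its (start, expires, service) credential rows."""
    caches, current = {}, None
    for line in map(str.strip, output.splitlines()):
        if line.startswith("Ticket cache:"):
            current = line.split(":", 1)[1].strip()
            caches[current] = []
        elif current is not None and (m := CRED.match(line)):
            start, expires, service = m.groups()
            caches[current].append(
                (datetime.strptime(start, FMT), datetime.strptime(expires, FMT), service))
    return caches

def tgt(output, cache, realm):
    """Return (start, expires) of the realm's krbtgt ticket in `cache`, or None."""
    for start, expires, service in parse_klist(output).get(cache, []):
        if service == f"krbtgt/{realm}@{realm}":
            return start, expires
    return None

def stale_after_restart(before, after, cache, realm, now):
    """Reasons the post-restart cache looks like an older cache resurfaced."""
    old, new = tgt(before, cache, realm), tgt(after, cache, realm)
    if new is None:
        return ["no TGT in cache after restart"]
    problems = []
    if new[1] <= now:  # expiry is in the past relative to the host clock
        problems.append("TGT already expired")
    if old is not None and new[0] < old[0]:  # a fresher ticket was replaced by an older one
        problems.append("TGT start time moved backwards")
    return problems
```

`now` must come from the same clock and time zone that `klist` prints in on the host under test, otherwise the expiry comparison is skewed.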