Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2411: krb5-auth-dialog pop-ups

Authentication Service ,  

12 April,16 at 11:09 AM

Applies to: All versions of Centrify DirectControl on RedHat Linux.
 
Problem:
 
In KDE (Redhat manager), Centrify prompts for credentials all the time as shown below. 
 
[title] Network Authentication
Please enter the password for 'username@DOMAIN'
Password: [..........]
Your credentials have expired
[Cancel] [Renew Ticket]
 
The command #adflush or #kdestroy followed by #kinit is not helping here. Parameter "krb5.cache.infinite.renewal:true" was added to /etc/centrifydc/centrifydc.conf in order to automatically reissue the user credentials when they expire. 
 
The parameter "krb5.cache.renew.interval = 8" inside the /etc/centrifydc/centrifydc.conf file was changed to 0 so that adclient does not renew the existing Kerberos ticket to keep existing credentials valid. 
 
Centrify DirectControl was restarted too. Still pop-ups occur. Any reason?

 
Workaround:
 
This is caused by sessions kept by KDE when the user logs out.
 
1. Disable the session save with "KDE Control Center -> Components ->  Session Manager -> 'check' Restore Previous Session" .
 
2. Clean up "~HOME/.kde/share/config/ksmserverrc" file by deleting "krb5-auth-dialog" entries.
 
3. Login with KDE session several times. If one process named krb5-auth-dialog <session> can be found with using ps -ef|grep krb5-auth*, this issue is resolved.
 
Additional information can be found from following RedHat bugs:
 
https://bugzilla.redhat.com/show_bug.cgi?id=514067 
https://bugzilla.redhat.com/show_bug.cgi?id=344991 

(Links provided as a courtesy)

Related Articles

 article[Howto] Set up Centrify Identity Service or Privilege Service for MFA using Smart Card articleCentrify Cloud 16.9 Release Notes articleKB-43281: Retrieving A Secret Throws the Error "Bad HTTP Request with status 500" articleKB-8908: When pre-creating a computer, it fails with "constraint violation" articleKB-9247: Service Fails to Start After Installation of Centrify Agent for Windows articleKB-8071: Report Services - Failed to add service account from cross forest one-way selective trust article[HOWTO] Guide to Enabling MFA for PowerShell Remoting articleKB-9653: Self-service Password Reset During Windows MFA Returns the Error "Failed to reset password, authentication service is not available" articleCentrify 17.1, 17.1 Hotfix 1 & Hotfix 2 Release Notes