SSSD / sssd

Clone

1d84ed4 SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user

4 files Authored by jhrozek 6 years ago, Committed by lslebodn 6 years ago,
raw patch tree parent
4 files changed. 26 lines added. 5 lines removed.
src/responder/ssh/sshsrv_cmd.c
file modified
+18 -4
src/sss_client/ssh/sss_ssh_authorizedkeys.c
file modified
+6 -1
src/util/util_errors.c
file modified
+1 -0
src/util/util_errors.h
file modified
+1 -0 
    SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user
    
    If an IPA client uses the SSH integration and a local user logs in with
    SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH
    responder, which doesn't find the user and returns ENOENT. The
    sss_ssh_authorizedkeys reports a failure on any error, including ENOENT
    which produced a confusing error message in the logs.
    
    This patch adds a new error code that handles users that are not found
    by SSSD but exist on the system and also special cases root with the
    same error code. Therefore, logging in as a local user no longer prints
    an error message.
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/3003
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    (cherry picked from commit fcbcfa69f9291936f01f24b5fcb5a7672dca46f3)
file modified
+18 -4
file modified
+6 -1
file modified
+1 -0
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.