Issue #1547: Authentication fails for non-existent domain users cached by SSS_SEED tool - sssd - Pagure.io

SSSD / sssd

#1547 Authentication fails for non-existent domain users cached by SSS_SEED tool

Closed: Invalid None Opened 11 years ago by apeetham.

SSS_SEED tool allows a user who is non-existent in the domain to be cached. The user records can be verified from the cache. However, authentication for such user always fails. After the failed login attempt, user entries were found to be deleted from the cache.

Steps to reproduce:
1. Ensure that the system is online.
2. Clear the sssd cache and restart sssd service.
3. Add a user to cache who is not part of domain and provide password when prompted.
# sss_seed -D LDAP -n non-domainuser -u 10121 -g 10121 -c "Temporary Non-domain user" -h /home/testuser -s /bin/bash

Verify the existence of user information in the cache by running the following command:
# ldbsearch -H /var/lib/sss/db/cache_LDAP.ldb name=non-domainuser

Result seen:
User information exists in cache.

Verify whether the user authentication succeeds using the password from step-3.
# ssh -l non-domainuser localhost

Result seen:
Authentication fails. Upon verifying the cache, the user records were found to be deleted.

Expected Result:
SSS_SEED tool should allow both existing and non-existent domain users to be cached.

mzidek commented 11 years ago

If think this is expected behaviour and not a bug.

jhrozek commented 11 years ago

I agree with Michal, this is not a supported scenarion.

It also sounds like Amith was logging in online, so the attempt couldn't have succeeded.

dpal commented 11 years ago

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta
rhbz: => todo

dpal commented 11 years ago

Fields changed

milestone: SSSD 1.11 beta => SSSD 1.12 beta

jhrozek commented 8 years ago

Fields changed

changelog: =>
design: =>
design_review: => 0
fedora_test_page: =>
mark: => 0
priority: major => minor
review: => 0
selected: =>
sensitive: => 0

jhrozek commented 8 years ago

This has been opened 3 years ago and we haven't really seen any complains about the current behaviour, deferring.

milestone: SSSD 1.14 beta => SSSD Deferred

jhrozek commented 7 years ago

I would just close, this is not a supported scenario and nobody really complained about this for several years.

review: 0 => 1

jhrozek commented 7 years ago

Fields changed

resolution: => wontfix
status: new => closed

Metadata Update from @apeetham:
- Issue set to the milestone: SSSD Patches welcome

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2589

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

minor

Milestone

SSSD Patches welcome

type

defect

component

SSSD

version

1.9.0

selected

None

testsupdated

0

patch

0

rhbz

todo

design_review

0

review

1

changelog

None

keywords

None

coverity

None

mark

0

blocking

None

design

None

sensitive

0

cc

None

blockedby

None

feature_milestone

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.