#2050 ssh login reject is abrupt
Closed: Fixed None Opened 7 years ago by sp4.

When a user is rejected due to invalid LDAP group membership, the disconnect is uninformative and abrupt. The same abrupt disconnect occurs when /etc/security/access.conf takes precedence.

In pam_sss with a valid SSH public key on the server, a user sees:

[test-user@test-client Desktop]$ ssh test-server[[BR]]
Connection closed by

Without a public key, the user is prompted for a password and upon successful authentication, sees the same "connection closed" message without any explanation for why.

This is on RHEL 6.4 with openssh-server-5.3p1-84.1.el6.x86_64 and sssd-client-1.9.2-82.7.el6_4.x86_64 with sssd-1.9.2-82.7.el6_4.x86_64.

The pam_ldap-185-11.el6.x86_64 using /etc/pam_ldap.conf gives too much information for a high-security site:
You must be a member of cn=GoodUsers,ou=x,... to login.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12 beta

Fields changed

rhbz: => 0

Fields changed

type: enhancement => defect

Fields changed

owner: somebody => preichl

Fields changed

milestone: SSSD 1.12 beta => SSSD 1.12 beta 2

Pavel is working on the patch, but the fix needs a bit more work. Since there is a string change, moving to 1.12.1

milestone: SSSD 1.12 beta 2 => SSSD 1.12.1

Fields changed

review: 0 => 1

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

Fields changed

mark: => 0
milestone: SSSD 1.12.3 => SSSD 1.12.4

Fields changed

patch: 0 => 1

Moving tickets that didn't make the 1.12.4 release to 1.12.5

milestone: SSSD 1.12.4 => SSSD 1.12.5

resolution: => fixed
status: new => closed

Metadata Update from @sp4:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.12.5

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3092

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.