Issue #2050: ssh login reject is abrupt - sssd - Pagure.io

SSSD / sssd

#2050 ssh login reject is abrupt

Closed: Fixed None Opened 10 years ago by sp4.

When a user is rejected due to invalid LDAP group membership, the disconnect is uninformative and abrupt. The same abrupt disconnect occurs when /etc/security/access.conf takes precedence.

In pam_sss with a valid SSH public key on the server, a user sees:

[test-user@test-client Desktop]$ ssh test-server[[BR]]
Connection closed by 192.168.1.22

Without a public key, the user is prompted for a password and upon successful authentication, sees the same "connection closed" message without any explanation for why.

This is on RHEL 6.4 with openssh-server-5.3p1-84.1.el6.x86_64 and sssd-client-1.9.2-82.7.el6_4.x86_64 with sssd-1.9.2-82.7.el6_4.x86_64.

The pam_ldap-185-11.el6.x86_64 using /etc/pam_ldap.conf gives too much information for a high-security site:
You must be a member of cn=GoodUsers,ou=x,... to login.

jhrozek commented 10 years ago

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12 beta

dpal commented 10 years ago

Fields changed

rhbz: => 0

dpal commented 10 years ago

Fields changed

type: enhancement => defect

jhrozek commented 10 years ago

Fields changed

owner: somebody => preichl

jhrozek commented 9 years ago

Fields changed

milestone: SSSD 1.12 beta => SSSD 1.12 beta 2

jhrozek commented 9 years ago

Pavel is working on the patch, but the fix needs a bit more work. Since there is a string change, moving to 1.12.1

milestone: SSSD 1.12 beta 2 => SSSD 1.12.1

jhrozek commented 9 years ago

Fields changed

review: 0 => 1

jhrozek commented 9 years ago

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

jhrozek commented 9 years ago

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

dpal commented 9 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1163436 (RHEL RFE)

rhbz: 0 => [https://bugzilla.redhat.com/show_bug.cgi?id=1163436 1163436]

jhrozek commented 9 years ago

Fields changed

mark: => 0
milestone: SSSD 1.12.3 => SSSD 1.12.4

preichl commented 9 years ago

Fields changed

patch: 0 => 1

jhrozek commented 9 years ago

Moving tickets that didn't make the 1.12.4 release to 1.12.5

milestone: SSSD 1.12.4 => SSSD 1.12.5

jhrozek commented 9 years ago

master:
- f3c2dc1
- e039f1a
- a61d6d0
sssd-1-12:
- 09c9dfa
- a81b2ae
- 325a3a1

resolution: => fixed
status: new => closed

Metadata Update from @sp4:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.12.5

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3092

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata

Assignee

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.12.5

type

defect

component

PAM

version

1.9.2

selected

None

testsupdated

0

patch

1

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1163436

design_review

0

review

1

changelog

None

keywords

ssh,sss

coverity

None

mark

0

blocking

None

design

None

sensitive

None

cc

jhrozek@redhat.com, simo@redhat.com

blockedby

None

feature_milestone

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.