Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1081046
Description of problem:
Passwordless login works for expired ad user

Version-Release number of selected component (if applicable):
1.11.2-61

How reproducible:
Always

Steps to Reproduce:
1. User is expired on the ad server.
2. sssd.conf has:

    [domain/sssdad2012.com]
    debug_level = 0xFFF0
    id_provider = ad
    ad_server = kauwin.sssdad2012.com
    ad_domain = sssdad2012.com
    access_provider = ad
    fallback_homedir = /home/%u

3. Try to auth as the user

    # ssh -l testuser01 localhost
    testuser01@localhost's password:
    Permission denied, please try again.
    testuser01@localhost's password:

4. /var/log/secure shows:

    Mar 26 17:19:01 dhcp207-186 sshd[26869]: pam_sss(sshd:auth): received for user testuser01: 13 (User account has expired)

5. Now, setup password-less auth using ssh public key.
6. Auth as the user

    # ssh -l testuser01 localhost
    Last login: Wed Mar 26 16:57:55 2014 from localhost
    -sh-4.2$ <== User login should have failed

Actual results:
Password-less user login works

Expected results:
User login should have failed.

Additional info:
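A detection check for the condition reported above, added here as an example and not part of the ticket or of SSSD's code: it scans /var/log/secure lines for an sshd public-key login by a user for whom pam_sss earlier reported "User account has expired". The function name and all sample lines except the pam_sss line quoted in the ticket are constructed for illustration.

```python
import re

# Constructed sample in /var/log/secure format. Only the first line is
# taken from the ticket; the others are made up for this example.
SAMPLE_LOG = """\
Mar 26 17:19:01 dhcp207-186 sshd[26869]: pam_sss(sshd:auth): received for user testuser01: 13 (User account has expired)
Mar 26 17:25:40 dhcp207-186 sshd[26901]: Accepted publickey for testuser01 from ::1 port 50412 ssh2
Mar 26 17:26:02 dhcp207-186 sshd[26930]: Accepted publickey for testuser02 from ::1 port 50420 ssh2
Mar 26 17:30:11 dhcp207-186 sshd[26955]: pam_sss(sshd:auth): received for user testuser03: 13 (User account has expired)
Mar 26 17:30:15 dhcp207-186 sshd[26955]: Failed password for testuser03 from ::1 port 50431 ssh2
"""

# pam_sss result 13 is the "account expired" answer shown in the ticket.
EXPIRED = re.compile(
    r"pam_sss\(sshd:\w+\): received for user (\S+): 13 \(User account has expired\)"
)
# Standard sshd message for a successful public-key authentication.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted publickey for (\S+) from (\S+)")


def find_expired_key_logins(lines):
    """Return (user, expiry_line, login_line) for every public-key login that
    appears after a pam_sss 'account has expired' result for the same user.
    Lines are assumed to be in chronological order, as in the log file."""
    last_expiry = {}   # user -> most recent expiry line seen
    findings = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = EXPIRED.search(line)
        if m:
            last_expiry[m.group(1)] = line
            continue
        m = ACCEPTED.search(line)
        if m and m.group(1) in last_expiry:
            findings.append((m.group(1), last_expiry[m.group(1)], line))
    return findings


if __name__ == "__main__":
    for user, expiry, login in find_expired_key_logins(SAMPLE_LOG.splitlines()):
        print(f"{user}: public-key login accepted after expiry notice")
        print(f"  expiry: {expiry}")
        print(f"  login:  {login}")
```

A hit only means the two events were seen in that order; whether the account was re-enabled in between has to be confirmed on the AD side.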
We should eventually just connect to LDAP, not GC, at least with access control. The GC turns out to be quite useless over time with so many attributes we rely on not being replicated to GC.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13 beta
Workaround is to disable GC in the sssd.conf.
mark: => 0
milestone: SSSD 1.13 beta => SSSD 1.13 backlog
Mass-moving tickets not planned for the 1.13 release to 1.14
milestone: SSSD 1.13 backlog => SSSD 1.14 beta
priority: major => minor sensitive: => 0
This feature depends on implementing the S4U2Self functionality which is a stretch goal for 1.14, so I'm moving this ticket to backlog.
milestone: SSSD 1.14 beta => SSSD 1.14 backlog
Since the 1.14 branch is transitioning into maintenance mode and new functionality is being developed in master which will become 1.15 eventually, I'm mass-moving tickets from the 1.14 backlog milestone to the "Future releases" milestone.
milestone: SSSD 1.14 backlog => SSSD Future releases (no date set yet)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD Future releases (no date set yet)
This was fixed by fixing issue #2474
Metadata Update from @jhrozek: - Custom field design_review reset (from 0) - Custom field mark reset (from 0) - Custom field patch reset (from 0) - Custom field review reset (from 0) - Custom field sensitive reset (from 0) - Custom field testsupdated reset (from 0) - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3341
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.