#2530 MAN: Document that only usernames are checked for pam_trusted_uids
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1173482

Description of problem:

The man page suggests "if there is a user name in pam_trusted_users list which
fails to be resolved it will cause that SSSD will not be started." When an
unresolved username is assigned to pam_trusted_users, as expected the SSSD
service fails to start, which means the userid for a trusted user should exist
for the SSSD service to function. Now, when a non-existent id is directly
assigned to pam_trusted_users, the SSSD service works fine. I think using a
non-existing userid is similar to using an unresolved user. So, SSSD should
either verify the existence of the userid before startup OR the man page should
be updated accordingly.

Version-Release number of selected component (if applicable):
sssd-1.12.2-28.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Assign any numeric id which doesn't exist in the local system or your LDAP
server to pam_trusted_users.

2. Start sssd service


Actual results:
SSSD Service starts successfully.

Expected results:
Service should fail to start OR man page to be updated accordingly.

Additional info:

Required by downstream, moving to 1.12.3. Just the man page will be fixed.

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.3
owner: somebody => jhrozek
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

Fields changed

summary: pam_sss domains option: SSSD service should fail to start when pam_trusted_users = non-existing-id => MAN: Document that only usernames are checked for pam_trusted_uids

Fields changed

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.3

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/3572

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
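
The following audit check is an added example, not part of the ticket or of SSSD's code. It lists the entries of `pam_trusted_users` and marks which ones do not resolve on the host, separating names (which the ticket says stop SSSD from starting) from numeric IDs (which the ticket says are accepted without a lookup). The function names and the sample configuration are assumptions made for illustration.

```python
import configparser
import pwd

# Constructed sample sssd.conf fragment (not taken from the ticket).
SAMPLE_CONF = """\
[pam]
pam_trusted_users = root, 0, 987654, no_such_user
"""

def _uid_exists(uid):
    try:
        pwd.getpwuid(uid)          # resolved through NSS, like any other lookup
        return True
    except (KeyError, OverflowError):
        return False

def _name_exists(name):
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

def audit_trusted_users(conf_text, uid_exists=_uid_exists, name_exists=_name_exists):
    """Return (entry, kind, resolves) for every pam_trusted_users entry."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("pam", "pam_trusted_users", fallback="")
    findings = []
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue
        if entry.isdecimal():      # numeric entry: treated as a UID
            findings.append((entry, "uid", uid_exists(int(entry))))
        else:                      # anything else: a user name
            findings.append((entry, "name", name_exists(entry)))
    return findings

def unresolved(findings):
    """Entries that do not resolve to an account on this host."""
    return [f for f in findings if not f[2]]

if __name__ == "__main__":
    for entry, kind, ok in audit_trusted_users(SAMPLE_CONF):
        if ok:
            status = "resolves"
        elif kind == "name":
            status = "unresolved name: SSSD will not start"
        else:
            status = "unresolved UID: not checked at SSSD startup"
        print(f"{entry:>14}  {kind:<4}  {status}")
```

Pass the contents of the real `sssd.conf` as `conf_text` to audit a host; the resolver arguments exist so the check can be run against a fixed account list.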
