Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1173482
Description of problem:
The man page suggests "if there is a user name in pam_trusted_users list which
fails to be resolved it will cause that SSSD will not be started." When an
unresolved username is assigned to pam_trusted_users, as expected SSSD service
fails to start which means the userid for trusted user should exist for SSSD
service to function. Now, when a non-existent id is directly assigned to
pam_trusted_users, SSSD service works fine. I think using a non-existing userid
is similar to using an unresolved user. So, SSSD should either verify the
existence of userid before startup OR man page should be updated accordingly.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Assign any numeric id which doesn't exist in local system or your ldap
server to pam_trusted_users.
2. Start sssd service
SSSD Service starts successfully.
Service should fail to start OR man page to be updated accordingly.
Required by downstream, moving to 1.12.3. Just the man page will be fixed.
design_review: => 0
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.3
owner: somebody => jhrozek
review: True => 0
status: new => assigned
testsupdated: => 0
summary: pam_sss domains option: SSSD service should fail to start when pam_trusted_users = non-existing-id => MAN: Document that only usernames are checked for pam_trusted_uids
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.