Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1173482
Description of problem: The man page suggests "if there is a user name in pam_trusted_users list which fails to be resolved it will cause that SSSD will not be started." When an unresolved username is assigned to pam_trusted_users, as expected SSSD service fails to start which means the userid for trusted user should exist for SSSD service to function. Now, when a non-existent id is directly assigned to pam_trusted_users, SSSD service works fine. I think using a non-existing userid is similar to using an unresolved user. So, SSSD should either verify the existence of userid before startup OR man page should be updated accordingly. Version-Release number of selected component (if applicable): sssd-1.12.2-28.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Assign any numeric id which doesn't exist in local system or your ldap server to pam_trusted_users. 2. Start sssd service Actual results: SSSD Service starts successfully. Expected results: Service should fail to start OR man page to be updated accordingly. Additional info:
Required by downstream, moving to 1.12.3. Just the man page will be fixed.
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 milestone: NEEDS_TRIAGE => SSSD 1.12.3 owner: somebody => jhrozek review: True => 0 selected: => status: new => assigned testsupdated: => 0
Fields changed
summary: pam_sss domains option: SSSD service should fail to start when pam_trusted_users = non-existing-id => MAN: Document that only usernames are checked for pam_trusted_uids
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.12.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3572
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.