#2984 Don't prompt for password if there is already one on the stack
Closed: Fixed 4 years ago Opened 5 years ago by jhrozek.

Some projects we integrate with (like RHEV-M) have a guest agent that the RHEV engine feeds the password the user provided to access the RHEV engine. It's expected that the guest agent then puts the password on the PAM stack in the virtualized guest and provide a kind of a single-sign-on this way.

But since recent versions, we tend to prompt for password in sssd (unless use_first_pass is used) itself to make sure we can run the preauth first and prompt for 2FA.

We should enhance pam_sss to handle this kind of a situation better and if there is a password on the stack, just try to authenticate with it.


So far putting to 1.15 and will ask in the downstream BZ if the RHEV-M team is happy with a workaround.

milestone: NEEDS_TRIAGE => SSSD 1.15 beta

This should be fixed sooner because the workaround is not enough to use RHEV-M seamlessly.

milestone: SSSD 1.15 beta => SSSD 1.14.0

Downstream BZ -> Increase in priority.

priority: major => critical

1.14.0 should be released no later than Wednesday next week, this ticket should not block the 1.14.0 release.

milestone: SSSD 1.14.0 => SSSD 1.14.1

The patch is still not ready and we need to release 1.14.2 soon.

milestone: SSSD 1.14.1 => SSSD 1.14.2

So far the workaround seems to have made everyone happy. We should fix this, but IMO next release is OK. Moving to triage.

milestone: SSSD 1.14.2 => NEEDS_TRIAGE

This is blocked by pam-wrapper patches that are in 1.15 Alpha, so I'm putting this ticket into 1.15 Beta.

milestone: NEEDS_TRIAGE => SSSD 1.15 Beta

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.15.3

4 years ago

Metadata Update from @lslebodn:
- Custom field component reset
- Custom field design_review reset
- Custom field mark reset
- Custom field patch adjusted to on (was: 1)
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Custom field type reset
- Custom field version reset
- Issue close_status updated to: None

4 years ago

Metadata Update from @lslebodn:
- Custom field design_review reset
- Custom field mark reset
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Issue set to the milestone: SSSD 1.15.1 (was: SSSD 1.15.3)

4 years ago

Metadata Update from @lslebodn:
- Custom field design_review reset
- Custom field mark reset
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata Update from @lslebodn:
- Custom field component adjusted to SSSD
- Custom field design_review reset
- Custom field mark reset
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Custom field type adjusted to defect
- Custom field version adjusted to 1.13.3

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4025

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata