#3292 RFE: Create troubleshooting tool to check authentication, authorization and extended attribute lookup

Created 2 months ago by jhrozek
Modified 11 days ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1414023

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Current understanding of the development is that this tool should allow customer or a support engineer to:

  • check authentication of the user via selected PAM service (there should be an option) to make sure user+password is corecct
  • check authorization of the user (also via selected PAM service), to make sure IdM HBAC are set correctly
  • check that user identity and extended attributes are readable via DBUS call

This is currently proposed scope of the tool.

With respect to authentication and authorization there is already pam_test_client which currently accepts an action 'auth' or 'acct' and a user name. It currently uses a hardcoded test service but it would be easy to add another command line parameter for the service.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
patch: => 0
review: True => 0
selected: =>
summary: Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc. => RFE: Create troubleshooting tool to check authentication, authorization and extended attribute lookup
testsupdated: => 0
type: defect => enhancement

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.16 Beta
priority: major => minor

a month ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.3

11 days ago

Metadata Update from @sbose:
- Issue assigned to sbose

11 days ago

Metadata Update from @sbose:
- Custom field design_review reset
- Custom field mark reset
- Custom field patch adjusted to on (was: 0)
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Issue close_status updated to: None

Login to comment on this ticket.

enhancement

SSSD

false

on

https://bugzilla.redhat.com/show_bug.cgi?id=1414023

false

false

false

false

cancel