Learn more about these different git repos.
Other Git URLs
I installed FreeIPA 4.5.0 on a CentOS 7.4 server and configured a trust between it and an AD domain server, using ID views in the the Default Trust View to override the users' loginShell and homeDirectory attributes sent to the ipa clients. Once configured, SSH authentication with a public key works even after the public key is removed.
Steps to Reproduce: - create a ID View on the Default Trust View and add a user override - add an SSH public key to the user override - login to a client, the password will not be requested - remove the public key from the user override - login to a client again, the password is not requested
Actual behavior: After I remove a key, either from the web GUI or the CLI, the user can still login with the old key.
Expected behavior: After removing a key the users shouldn't be able to login to the clients without using their password.
Metadata Update from @fidencio: - Issue assigned to fidencio
Metadata Update from @fidencio: - Assignee reset - Custom field patch adjusted to on
PR: https://github.com/SSSD/sssd/pull/472
Metadata Update from @jhrozek: - Issue assigned to fidencio - Issue tagged with: PR, bug
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2
Related PR does not contain any code coverage for this bugfix and this ticket is not linked with downstream bug.
This bug should be tested somewhere to prevent any regressions in future. Removing milestone ("moving to needs triage") for further discussion.
We can push PR sooner if we find solution before next triage.
Metadata Update from @lslebodn: - Issue set to the milestone: None (was: SSSD 1.16.2)
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1537272
Issue linked to Bugzilla: Bug 1537272
As we track the problem in a RHBZ it would be tested for us by downstream QE. So I'm moving the ticket back to the 1.16.2 milestone. If the PR gets merged, we will move the ticket to 1.16.1.
master:
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.16.2)
sssd-1-14:
sssd-1-13:
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4625
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.