Learn more about these different git repos.
Other Git URLs
When you add a user ID override to the Default Trust View and give the user an SSH public key, all works as expected. However, when you remove the user override, the SSH key for the user persists when looked up via sss_ssh_authorizedkeys. When I asked about this in the #freeipa IRC channel, it was suggested that I open an issue here. This is similar to but not the same as https://pagure.io/SSSD/sssd/issue/3602.
sss_ssh_authorizedkeys
I'm running FreeIPA 4.6.4 on an up-to-date CentOS 7. These are the packages that are installed:
[root@ipatest log]# rpm -q ipa-server sssd krb5-server pki-server selinux-policy ipa-server-4.6.4-10.el7.centos.2.x86_64 sssd-1.16.2-13.el7_6.5.x86_64 krb5-server-1.15.1-37.el7_6.x86_64 pki-server-10.5.9-6.el7.noarch selinux-policy-3.13.1-229.el7_6.9.noarch
Steps to reproduce:
sss_ssh_authorizedkeys user@ad-domain.com
Expected results: * Running sss_cache -E followed by sss_ssh_authorizedkeys user@ad-domain.com should not return the ssh key after the override is deleted
sss_cache -E
Actual results: * Running sss_cache -E followed by sss_ssh_authorizedkeys user@ad-domain.com still returns the ssh key
Workarounds: 1. Delete the SSH key in the override before deleting the override. 2. Re-add the user override without an SSH key and then run sss_cache -E
Metadata Update from @pbrezina: - Issue tagged with: Future milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4929
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.