Learn more about these different git repos.
Other Git URLs
pam_process_init() -> get_trusted_uids() -> csv_string_to_uid_array() -> unsetenv("_SSS_LOOPS") && sss_user_by_name_or_uid() -> getpw*()
pam_process_init()
get_trusted_uids()
csv_string_to_uid_array()
sss_user_by_name_or_uid()
Depending on nsswitch.conf content this might result in pam_process_init() being blocked for a long time and terminated by own responders watchdog (similarly to description provided in https://bugzilla.redhat.com/show_bug.cgi?id=1666819#c57). And this might lead to fail of responder startup and hence to fail of sssd startup.
As @jhrozek pointed out, one of possible solutions could be not to call get_trusted_uids() during startup but lazily when first pam request come. This is still dangerous (might result in restart of responder by watchdog) but better then totally failed sssd startup.
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.2
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD Future releases (no date set yet) (was: SSSD 2.2)
Metadata Update from @thalman: - Issue tagged with: Future milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4939
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.