#4052 sssd config option "default_domain_suffix" should not cause the files domain entries to be qualified
Closed: Fixed 2 years ago by jhrozek. Opened 2 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1736796

Description of problem:

ssd config option:
  default_domain_suffix = blah
breaks sudo.

And causes local users to show up with "implicit_files" domain.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure local user to sudo eg to root without password.
2. Add "default_domain_suffix = blah" option to sssd section of sssd.conf.
3. Restart sssd.
4. Login as local user, behold as your bash prompt or whatever shows
"implicit_files" domain.
5. Try to sudo to root, as allowed by sudoers. Marvel and boggle with amazement
as it fails.

Actual results:
bash prompt:
[someuser@implicit_files@somehostname ~]$

sudo fail:
  sudo su -
  sudo: PAM account management error: Authentication service cannot retrieve
authentication info

Expected results:
bash prompt:
[someuser@somehostname ~]$

sudo su -

Additional info:

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1736796

2 years ago

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

2 years ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, regression

2 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5020

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.