Back to bug 1396485
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jakub Hrozek | 2016-11-18 15:00:36 UTC | Status | NEW | MODIFIED |
| Fixed In Version | sssd-1.14.0-43.el7_3.6 | |||
| errata-xmlrpc | 2016-11-25 16:49:33 UTC | Status | MODIFIED | ON_QA |
| Jakub Hrozek | 2016-12-14 14:58:21 UTC | Summary | sssd_be keeps crashing | sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5 |
| Jakub Hrozek | 2016-12-14 15:01:00 UTC | Doc Text | Cause: The IPA and AD subdomain providers unconditionally accessed data that the respective authentication provider sets up. Consequence: If the user configured the IPA or AD provider together with a different authentication provider, sssd accessed uninitialized memory and crashed. Fix: SSSD only accesses this data if the same authentication and subdomains provider is used Result: Setups that use id_provider=ipa/ad and auth_provider=krb5 no longer crash. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Madhuri | 2017-01-06 06:57:04 UTC | Status | ON_QA | VERIFIED |
| CC | mupadhye | |||
| Marc Muehlfeld | 2017-01-09 13:26:51 UTC | Docs Contact | mmuehlfe | |
| Doc Text | Cause: The IPA and AD subdomain providers unconditionally accessed data that the respective authentication provider sets up. Consequence: If the user configured the IPA or AD provider together with a different authentication provider, sssd accessed uninitialized memory and crashed. Fix: SSSD only accesses this data if the same authentication and subdomains provider is used Result: Setups that use id_provider=ipa/ad and auth_provider=krb5 no longer crash. | Previously, if the "ipa" or "ad" subdomain provider was set in the /etc/sssd/sssd.conf file, the System Security Services Daemon (SSSD) accessed only data that the respective authentication provider sets up. As a consequence, if the user configured the "ipa" or "ad" subdomain provider with a different authentication provider, SSSD accessed uninitialized memory and terminated unexpectedly. A patch has been applied and SSSD now only accesses data if the same authentication and subdomain provider are configured. As a result, SSSD no longer fails in the described scenario. | ||
| Lukas Slebodnik | 2017-01-11 13:35:40 UTC | CC | ashbyj | |
| errata-xmlrpc | 2017-01-17 12:02:24 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2017-01-17 18:09:59 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-01-17 13:09:59 UTC | |||
| Pavel Březina | 2020-05-04 10:59:06 UTC | Link ID | Github SSSD/sssd/issues/4267 |
Back to bug 1396485