Bug 1297462

Summary: Don't include 'enable_only=sssd' in the localauth plugin config
Product: Red Hat Enterprise Linux 7 Reporter: Jakub Hrozek <jhrozek>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: shridhar <sgadekar>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: brian, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, pbrezina, sbose, sssd-maint, sssd-qe
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.15.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 08:58:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jakub Hrozek 2016-01-11 15:15:24 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2920

This came up during an IRC discussion with Sumit as a cheap way to proceed towards fixing ticket #2707.

If we drop 'enable_only = sssd' from localauth_plugin. Then the krb5 default should be used after the SSSD plugin does not give a definitive result.
Comment 2 Jakub Hrozek 2016-01-27 15:03:07 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2788
Comment 4 Jakub Hrozek 2016-07-01 14:20:20 UTC 
We already did some improvements to the localauth plugin logic, this ticket is an incremental improvement planned for the next version
Comment 5 Jakub Hrozek 2016-11-14 10:57:01 UTC 
master: 2658ad37cd04f211aa28b1d71acb27c4edfb03da
Comment 7 shridhar 2017-05-26 08:24:11 UTC 
pls share the steps to verify this bugzilla?
Comment 8 Sumit Bose 2017-05-26 09:31:26 UTC 
Just check if there is no line 'enable_only=sssd' in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin.

Then content should just look like

[plugins]
 localauth = {
  module = sssd:/usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so
 }


or ../lib64/.. depending on the platform

HTH

bye,
Sumit
Comment 9 shridhar 2017-05-26 10:05:16 UTC 
Verified with 
r7-permanent ~]# rpm -q sssd 
sssd-1.15.2-33.el7.x86_64

[root@shr-r7-permanent ~]# cat /var/lib/sss/pubconf/krb5.include.d/localauth_plugin
[plugins]
 localauth = {
  module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
 }
Comment 10 errata-xmlrpc 2017-08-01 08:58:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2294