Bug 1385665
| Summary: | Incorrect error code returned from krb5_child (updated) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dan Lavu <dlavu> |
| Component: | sssd | Assignee: | Sumit Bose <sbose> |
| Status: | CLOSED ERRATA | QA Contact: | Dan Lavu <dlavu> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | fidencio, grajaiya, jhrozek, lslebodn, mkosek, mzidek, pasik, pbrezina, sgoveas |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.16.0-22.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-30 10:40:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dan Lavu
2016-10-17 13:12:26 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/3198 > Previous patch that caused this bug.
>
> https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.
> org/thread/OM2BME5DKH3HBD23BB5SC73I5VTATIGD/#FFKZZXSHZXYIC3P6H3P4Z5INSPEZD6MC
The behaviour before the change was not correct either. sssd returned error code for expired user even for disabled user.
The current behaviour is that sssd returns error code for disabled user for expired and disabled user.
This BZ should properly distinguish between expired and disabled user from AD with id provider ad
This bugzilla still needs work upstream. Because we are nearing the development freeze of RHEL-7.4 and the work is not finished yet, I'm reproposing the bug to RHEL-7.5. Please push back if you disagree. * master: * d380148b0a23dd1a04d1d0767ba41d3e76fb7d23 * 5a7b76bf3dc1b7a4a6ca6608c750cbffef73a3eb Verified. Jul 18 02:39:44 cypher sshd[25498]: pam_sss(sshd:account): system info: [The user account is expired on the AD server] Jul 18 02:39:44 cypher sshd[25498]: pam_sss(sshd:account): Access denied for user testuser01-2620451: 13 (User account has expired) Jul 18 02:39:44 cypher sshd[25498]: fatal: Access denied for user testuser01-2620451 by PAM account configuration [preauth] Jul 18 02:42:38 cypher su: pam_unix(su:session): session opened for user nobody by (uid=0) tested against sssd-1.16.2-7.el7.x86_64, test case needs to be updated since the secure message has changed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3158 |