| Summary: | sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Marcel Kolaja <mkolaja> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> |
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | high | ||
| Version: | 7.3 | CC: | ashbyj, cww, grajaiya, jhrozek, jstephen, lslebodn, minyu, mkolaja, mkosek, mupadhye, mzidek, pbrezina, sbose, sgoveas, sssd-maint, striker, tscherf |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.14.0-43.el7_3.6 | Doc Type: | Bug Fix |
| Doc Text: |
Previously, if the "ipa" or "ad" subdomain provider was set in the /etc/sssd/sssd.conf file, the System Security Services Daemon (SSSD) accessed only data that the respective authentication provider sets up. As a consequence, if the user configured the "ipa" or "ad" subdomain provider with a different authentication provider, SSSD accessed uninitialized memory and terminated unexpectedly. A patch has been applied and SSSD now only accesses data if the same authentication and subdomain provider are configured. As a result, SSSD no longer fails in the described scenario.
|
Story Points: | --- |
| Clone Of: | 1392444 | Environment: | |
| Last Closed: | 2017-01-17 18:09:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1392444 | ||
| Bug Blocks: | |||
|
Description
Marcel Kolaja
2016-11-18 13:13:09 UTC
Tested with
sssd-1.14.0-43.el7_3.11.x86_64
Steps followed during verification:
1) Configure sssd on client.
2) Set id_provider=ad and auth_provider= krb5 in sssd.conf.
3) Start the sssd service.
# cat /etc/sssd/sssd.conf | grep provider
id_provider = ad
auth_provider = krb5
# systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/sssd.service.d
└─journal.conf
Active: active (running) since Thu 2017-01-05 12:33:31 EST; 5min ago
Process: 4212 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS)
Main PID: 4213 (sssd)
CGroup: /system.slice/sssd.service
├─4213 /usr/sbin/sssd -D -f
├─4214 /usr/libexec/sssd/sssd_be --domain EXAMPLE.COM --uid 0 --gid 0 --debug-to-files
├─4215 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
└─4216 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 –debug-to-files
# getent passwd test@EXAMPLE.COM
test@EXAMPLE.COM:*:715401139:715400513:test:/home/EXAMPLE.COM/test:/bin/bash
# id test@EXAMPLE.COM
uid=715401139(test@EXAMPLE.COM) gid=715400513(domain users@EXAMPLE.COM) groups=715400513(domain users@EXAMPLE.COM)
*** Bug 1412170 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0078.html |