Bug 707513

Summary:	Unable to authenticate users when username contains "\0"
Product:	Red Hat Enterprise Linux 6	Reporter:	Kaushik Banerjee <kbanerje>
Component:	sssd	Assignee:	Stephen Gallagher <sgallagh>
Status:	CLOSED ERRATA	QA Contact:	Chandrasekar Kannan <ckannan>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	6.1	CC:	benl, dpal, grajaiya, jgalipea, jhrozek, prc
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	sssd-1.5.1-37.el6	Doc Type:	Bug Fix
Doc Text:	Cause: SSSD did not correctly escape some special characters in user names Consequence: initgroups and by extension login failed for users whose user name contained special characters Fix: SSSD now uses a sanitize function to escape user names Result: users with special characters in user names are able to log in now	Story Points:	---
Clone Of:
Clones:	707975 (view as bug list)		Environment:
Last Closed:	2011-12-06 16:38:29 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	707975

Description Kaushik Banerjee 2011-05-25 09:57:00 UTC

Description of problem:
Unable to authenticate users when username contains "\0"

Version-Release number of selected component (if applicable):
sssd-1.5.1-34.el6.i686

How reproducible:
Always

Steps to Reproduce:
1. Create a user in DS using the following ldif
dn: uid=usr\\007,ou=People,dc=example,dc=com
uidNumber: 90099
gidNumber: 90099
objectClass: top
objectClass: posixAccount
objectClass: person
cn: usr\\007
homeDirectory: /export/usr007
userPassword: Secret123
sn: usr007

2.ldapsearch shows:
# usr\5C007, People, example.com
dn: uid=usr\5C007,ou=People,dc=example,dc=com
uidNumber: 90099
gidNumber: 90099
objectClass: top
objectClass: posixAccount
objectClass: person
cn: usr\\007
homeDirectory: /export/usr007
sn: usr007
uid: usr\007

3. Enumeration of user\\007:
# getent -s sss passwd usr\\007 
usr\007:*:90099:90099:usr\\007:/export/usr007:

4. Auth using user\\007:
# ssh -l usr\\007 localhost
usr\007@localhost's password: 
Permission denied, please try again.
usr\007@localhost's password: 

5. /var/log/secure shows:
May 25 15:19:22 rh61-x86 sshd[17978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=usr\007
May 25 15:19:22 rh61-x86 sshd[17978]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=usr\007
May 25 15:19:22 rh61-x86 sshd[17978]: pam_sss(sshd:auth): received for user usr\007: 10 (User not known to the underlying authentication module)

6. /var/log/sssd/sssd_default.log
(Wed May 25 15:22:56 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 8478238
(Wed May 25 15:22:56 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Wed May 25 15:22:56 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 847FD98
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [be_get_account_info] (4): Got request for [3][1][name=usr\007]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_id_op_connect_step] (9): reusing cached connection
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_initgr_send] (9): Retrieving info for initgroups call
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=usr\007)(objectclass=posixAccount))][dc=example,dc=com].
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [objectClass]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [uid]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [userPassword]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [uidNumber]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [gidNumber]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [gecos]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [homeDirectory]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [loginShell]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPrincipalName]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [cn]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [modifyTimestamp]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [modifyTimestamp]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowLastChange]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMin]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMax]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowWarning]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowInactive]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowExpire]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowFlag]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbLastPwdChange]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPasswordExpiration]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [pwdAttribute]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [authorizedService]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [accountExpires]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [userAccountControl]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [nsAccountLock]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_send] (8): ldap_search_ext called, msgid = 11
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x848c160], connected[1], ops[0x84822d8], ldap[0x848c1c8]
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_generic_done] (6): Search result: Success(0), (null)
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_initgr_user] (9): Receiving info for the user
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_get_initgr_user] (2): Expected one user entry and got 0
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [sdap_id_op_done] (9): releasing operation connection
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84f19b8

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84cff20

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84cff20 "ltdb_timeout"

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84f19b8 "ltdb_callback"

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 0)
(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84ef560

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84ef5c0

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84f0600

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84f06c8

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84ef5c0 "ltdb_timeout"

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84ef560 "ltdb_callback"

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84f06c8 "ltdb_timeout"

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84f0600 "ltdb_callback"

(Wed May 25 15:22:57 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 0)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x848c160], connected[1], ops[(nil)], ldap[0x848c1c8]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 847E078
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [be_get_account_info] (4): Got request for [4097][1][name=usr\007]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_id_op_connect_step] (9): reusing cached connection
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=usr\5c007)(objectclass=posixAccount))][dc=example,dc=com].
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [objectClass]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [uid]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [userPassword]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [uidNumber]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [gidNumber]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [gecos]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [homeDirectory]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [loginShell]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPrincipalName]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [cn]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [modifyTimestamp]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [modifyTimestamp]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowLastChange]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMin]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMax]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowWarning]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowInactive]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowExpire]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowFlag]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbLastPwdChange]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPasswordExpiration]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [pwdAttribute]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [authorizedService]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [accountExpires]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [userAccountControl]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [nsAccountLock]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_send] (8): ldap_search_ext called, msgid = 12
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x848c160], connected[1], ops[0x848a4b8], ldap[0x848c1c8]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_parse_entry] (9): OriginalDN: [uid=usr\5C007,ou=People,dc=example,dc=com].
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x848c160], connected[1], ops[0x848a4b8], ldap[0x848c1c8]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_generic_done] (6): Search result: Success(0), (null)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_users_process] (6): Search for users, returned 1 results.
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 0)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_user] (9): Save user
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_user] (7): Adding original DN [uid=usr\5C007,ou=People,dc=example,dc=com] to attributes of [usr\007].
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_user] (7): Original memberOf is not available for [usr\007].
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_user] (7): Original USN value is not available for [usr\007].
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_user] (7): User principal is not available for [usr\007].
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_user] (6): Storing info for user usr\007
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 1)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84ef610

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84ef6d8

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84ef6d8 "ltdb_timeout"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84ef610 "ltdb_callback"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sysdb_search_user_by_name] (6): Error: 2 (No such file or directory)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 2)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84f0d28

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84efda0

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84efda0 "ltdb_timeout"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84f0d28 "ltdb_callback"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sysdb_search_user_by_uid] (6): Error: 2 (No such file or directory)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 3)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84e7498

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84e7560

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84e7560 "ltdb_timeout"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84e7498 "ltdb_callback"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 3)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 3)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x84ef508

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x84e7390

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Destroying timer event 0x84e7390 "ltdb_timeout"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): tevent: Ending timer event 0x84ef508 "ltdb_callback"

(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 3)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 2)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 1)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_save_users] (9): User 0 processed!
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 0)
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_get_users_process] (9): Saving 1 Users - Done
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_id_op_done] (9): releasing operation connection
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x848c160], connected[1], ops[(nil)], ldap[0x848c1c8]
(Wed May 25 15:22:58 2011) [sssd[be[default]]] [sdap_process_result] (8): Trace: ldap_result found nothing!

  
Actual results:
Auth fails.

Expected results:
Auth should succeed.

Additional info:
1. Auth as "usr\\1" succeeds.

2. # cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 9

[pam]
reconnection_retries = 3

[domain/default]
debug_level = 9
id_provider = ldap
ldap_uri = ldap://<DS Server>
ldap_search_base = dc=example,dc=com
auth_provider = ldap
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc

Comment 4 Kaushik Banerjee 2011-09-07 16:43:33 UTC

Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 49.el6                        Build Date: Mon 29 Aug 2011 08:26:38 PM IST
Install Date: Wed 31 Aug 2011 07:01:44 AM IST      Build Host: x86-010.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-49.el6.src.rpm
Size        : 3549339                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 5 Jakub Hrozek 2011-10-26 16:26:50 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: SSSD did not correctly escape some special characters in user names
Consequence: initgroups and by extension login failed for users whose user name contained special characters
Fix: SSSD now uses a sanitize function to escape user names
Result: users with special characters in user names are able to log in now

Comment 6 errata-xmlrpc 2011-12-06 16:38:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html