Bug 805108
Summary: | sss_ssh_knownhostproxy infinite loop hangs SSH login | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Stephen Gallagher <sgallagh> |
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | grajaiya, jcholast, jgalipea, prc |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.8.0-17.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause:
A programming error caused a loop to be exited only on error.
Consequence:
When the connection was closed, the loop was not exited, which caused sss_ssh_knownhostsproxy to hang.
Fix:
Exit the loop when the connection is closed.
Result:
sss_ssh_knownhostsproxy does not hang when the connection is closed.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 11:56:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 801451 | ||
Bug Blocks: |
Description
Stephen Gallagher
2012-03-20 15:02:18 UTC
See BZ #801451 for details on how to reproduce this Make sure knownhostsproxy is enabled. Relevant sssd.conf: [domain/lab.eng.pnq.redhat.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = lab.eng.pnq.redhat.com id_provider = ipa auth_provider = ipa access_provider = ipa ldap_account_expire_policy = ipa ipa_hostname = primenova.lab.eng.pnq.redhat.com chpass_provider = ipa ipa_server = primenova.lab.eng.pnq.redhat.com ldap_tls_cacert = /etc/ipa/ca.crt debug_level = 9 # ssh -l shanks primenova.lab.eng.pnq.redhat.com Connection closed by UNKNOWN /var/log/message: Mar 21 01:18:14 primenova sshd[22821]: pam_sss(sshd:account): system info: [The user account is locked on the server] Mar 21 01:18:14 primenova sshd[22821]: pam_sss(sshd:account): Access denied for user shanks: 6 (Permission denied) Mar 21 01:18:14 primenova sshd[22822]: fatal: Access denied for user shanks by PAM account configuration /var/log/sssd/sssd_<domain>.log (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user [shanks] (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_account_expired_rhds] (0x4000): Account for user [shanks] is locked. (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>) [Success] (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (0x0100): Sending result [6][lab.eng.pnq.redhat.com] (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (0x0100): Sent result [6][lab.eng.pnq.redhat.com] (Wed Mar 21 01:18:55 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sbus_dispatch] (0x4000): dbus conn: ACDEF0 (Wed Mar 21 01:18:55 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sbus_dispatch] (0x4000): Dispatching. (Wed Mar 21 01:18:55 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] Verified: sssd-1.8.0-17.el6.x86_64 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: A programming error caused a loop to be exited only on error. Consequence: When the connection was closed, the loop was not exited, which caused sss_ssh_knownhostsproxy to hang. Fix: Exit the loop when the connection is closed. Result: sss_ssh_knownhostsproxy does not hang when the connection is closed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0747.html |