Bug 958537
Summary: | gdm user list does not include sssd users | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jeff Bastian <jbastian> | ||||
Component: | accountsservice | Assignee: | Matthias Clasen <mclasen> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 19 | CC: | mclasen, pkis, rstrode, stefw | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | accountsservice-0.6.32-1.fc19 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 959464 (view as bug list) | Environment: | |||||
Last Closed: | 2013-07-09 13:22:31 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 959458, 959464 | ||||||
Attachments: |
|
Description
Jeff Bastian
2013-05-01 19:09:58 UTC
This might be a problem with accountsservice. I sent a dbus query and my UID is not listed: $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts \ org.freedesktop.Accounts.ListCachedUsers method return sender=:1.85 -> dest=:1.314 reply_serial=2 array [ object path "/org/freedesktop/Accounts/User1000" object path "/org/freedesktop/Accounts/User1001" ] UIDs 1000 and 1001 are the two local users in /etc/passwd. My UID is 12257. However, the accountsservice system *does* remember my preferred session: $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts/User12257 \ org.freedesktop.DBus.Properties.Get \ string:"org.freedesktop.Accounts.User" string:"XSession" method return sender=:1.85 -> dest=:1.315 reply_serial=2 variant string "gnome" I tried forcing it to cache me: $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts \ org.freedesktop.Accounts.CacheUser \ string:"jbastian" method return sender=:1.85 -> dest=:1.408 reply_serial=2 object path "/org/freedesktop/Accounts/User12257" It prompted for a password and, based on the reply, it appeared to work. However, I'm still not cached: $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts \ org.freedesktop.Accounts.ListCachedUsers method return sender=:1.85 -> dest=:1.415 reply_serial=2 array [ object path "/org/freedesktop/Accounts/User1000" object path "/org/freedesktop/Accounts/User1001" ] Apparently accountsservice thinks I'm a system account and that's why it won't cache me: $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts/User12257 \ org.freedesktop.DBus.Properties.Get \ string:"org.freedesktop.Accounts.User" string:"SystemAccount" method return sender=:1.85 -> dest=:1.418 reply_serial=2 variant boolean true I downgraded to accountsservice-0.6.30-2.fc19.x86_64 and that fixed it! I see my account now in the gdm user list, and I can verify it with dbus-send: $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts \ org.freedesktop.Accounts.ListCachedUsers method return sender=:1.3 -> dest=:1.84 reply_serial=2 array [ object path "/org/freedesktop/Accounts/User12257" object path "/org/freedesktop/Accounts/User1000" object path "/org/freedesktop/Accounts/User1001" ] $ dbus-send --system --type=method_call --print-reply \ --dest=org.freedesktop.Accounts \ /org/freedesktop/Accounts/User12257 \ org.freedesktop.DBus.Properties.Get \ string:"org.freedesktop.Accounts.User" string:"SystemAccount" method return sender=:1.3 -> dest=:1.85 reply_serial=2 variant boolean false I suspect this patch is the problem: http://cgit.freedesktop.org/accountsservice/commit/?id=8dd2ac2a79636349de5846fab2050a7866f2ddee Since we use Kerberos, my password is just a "*" in the passwd entry (according to getent). That would match a system account by the commit 8dd2ac2 mentioned above since that looks for passwords that match "$n$..." or "[./A-Za-z0-9]*" Moving this to accountsservice component Created attachment 742381 [details] patch to revert upstream commit 8dd2ac2 I reversed commit 8dd2ac2 from the 0.6.31 packages with the attached patch and built a test package: accountsservice-0.6.31-2.fc19.no8dd2ac2.x86_64 http://koji.fedoraproject.org/koji/taskinfo?taskID=5322859 I still show up in the gdm list, and I'm in the cached-user-list still and I'm not marked as a system account, so I've confirmed that 8dd2ac2 is the problem. Hmm, yes that is indeed broken. We shouldn't count on reading a password hash. I've attached a better patch upstream at: https://bugs.freedesktop.org/show_bug.cgi?id=64186 Jeff, is this something you're interested in testing? Sure. Do you have an rpm? or should I grab the upstream patch and build locally? I installed the latest accountsservice-0.6.32-1.fc19 from koji and verified that my account from sssd+ldap is listed at the gdm screen. Thanks! http://koji.fedoraproject.org/koji/buildinfo?buildID=419176 Thanks for testing. Another update that should include this fix: https://admin.fedoraproject.org/updates/accountsservice-0.6.34-1.fc19 Installing, and testing here... |