1297462 – Don't include 'enable_only=sssd' in the localauth plugin config

Bug 1297462 - Don't include 'enable_only=sssd' in the localauth plugin config

Summary: Don't include 'enable_only=sssd' in the localauth plugin config

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	SSSD Maintainers
QA Contact:	shridhar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-11 15:15 UTC by Jakub Hrozek
Modified:	2020-05-02 18:10 UTC (History)
CC List:	11 users (show)
Fixed In Version:	sssd-1.15.0-1.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 08:58:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 3829	0	None	None	None	2020-05-02 18:10:15 UTC
Red Hat Product Errata	RHEA-2017:2294	0	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2017-08-01 12:39:55 UTC

Description Jakub Hrozek 2016-01-11 15:15:24 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2920

This came up during an IRC discussion with Sumit as a cheap way to proceed towards fixing ticket #2707.

If we drop 'enable_only = sssd' from localauth_plugin. Then the krb5 default should be used after the SSSD plugin does not give a definitive result.

Comment 2 Jakub Hrozek 2016-01-27 15:03:07 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2788

Comment 4 Jakub Hrozek 2016-07-01 14:20:20 UTC

We already did some improvements to the localauth plugin logic, this ticket is an incremental improvement planned for the next version

Comment 5 Jakub Hrozek 2016-11-14 10:57:01 UTC

master: 2658ad37cd04f211aa28b1d71acb27c4edfb03da

Comment 7 shridhar 2017-05-26 08:24:11 UTC

pls share the steps to verify this bugzilla?

Comment 8 Sumit Bose 2017-05-26 09:31:26 UTC

Just check if there is no line 'enable_only=sssd' in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin.

Then content should just look like

[plugins]
 localauth = {
  module = sssd:/usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so
 }


or ../lib64/.. depending on the platform

HTH

bye,
Sumit

Comment 9 shridhar 2017-05-26 10:05:16 UTC

Verified with 
r7-permanent ~]# rpm -q sssd 
sssd-1.15.2-33.el7.x86_64

[root@shr-r7-permanent ~]# cat /var/lib/sss/pubconf/krb5.include.d/localauth_plugin
[plugins]
 localauth = {
  module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
 }

Comment 10 errata-xmlrpc 2017-08-01 08:58:07 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2294

Note You need to log in before you can comment on or make changes to this bug.