Bug 1297462 - Don't include 'enable_only=sssd' in the localauth plugin config
Summary: Don't include 'enable_only=sssd' in the localauth plugin config
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd   
(Show other bugs)
Version: 7.3
Hardware: Unspecified Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: shridhar
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-01-11 15:15 UTC by Jakub Hrozek
Modified: 2017-08-01 08:58 UTC (History)
11 users (show)

Fixed In Version: sssd-1.15.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 08:58:07 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:2294 normal SHIPPED_LIVE sssd bug fix and enhancement update 2017-08-01 12:39:55 UTC

Description Jakub Hrozek 2016-01-11 15:15:24 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2920

This came up during an IRC discussion with Sumit as a cheap way to proceed towards fixing ticket #2707.

If we drop 'enable_only = sssd' from localauth_plugin. Then the krb5 default should be used after the SSSD plugin does not give a definitive result.

Comment 2 Jakub Hrozek 2016-01-27 15:03:07 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2788

Comment 4 Jakub Hrozek 2016-07-01 14:20:20 UTC
We already did some improvements to the localauth plugin logic, this ticket is an incremental improvement planned for the next version

Comment 5 Jakub Hrozek 2016-11-14 10:57:01 UTC
master: 2658ad37cd04f211aa28b1d71acb27c4edfb03da

Comment 7 shridhar 2017-05-26 08:24:11 UTC
pls share the steps to verify this bugzilla?

Comment 8 Sumit Bose 2017-05-26 09:31:26 UTC
Just check if there is no line 'enable_only=sssd' in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin.

Then content should just look like

[plugins]
 localauth = {
  module = sssd:/usr/lib/sssd/modules/sssd_krb5_localauth_plugin.so
 }


or ../lib64/.. depending on the platform

HTH

bye,
Sumit

Comment 9 shridhar 2017-05-26 10:05:16 UTC
Verified with 
r7-permanent ~]# rpm -q sssd 
sssd-1.15.2-33.el7.x86_64

[root@shr-r7-permanent ~]# cat /var/lib/sss/pubconf/krb5.include.d/localauth_plugin
[plugins]
 localauth = {
  module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
 }

Comment 10 errata-xmlrpc 2017-08-01 08:58:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2294


Note You need to log in before you can comment on or make changes to this bug.