Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1718156

Summary:

pam_sss should reset PAM_USER based on use_fully_qualified_names option in sssd.conf

Product:

Red Hat Enterprise Linux 8

Reporter:

adam winberg <adam.winberg>

Component:

sssd

Assignee:

Sumit Bose <sbose>

Status:

CLOSED ERRATA

QA Contact:

sssd-qe <sssd-qe>

Severity:

unspecified

Docs Contact:

Priority:

unspecified

Version:

8.0

CC:

grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sgoveas, spoore, thalman, tscherf, wchadwic

Target Milestone:

Flags:

jhrozek: mirror+

Target Release:

8.2

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

sync-to-jira

Fixed In Version:

sssd-2.2.3-2.el8

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2020-04-28 16:56:02 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
sssd.conf	none

Description adam winberg 2019-06-07 06:15:48 UTC

Description of problem:
Logging in with smartcard, there is no file for my user in /var/lib/AccountsService/users/ after login. 

pam_sss get my username from my smart card and puts it on the pam stack in fully qualified format:
a001329.com

GDM debug log:
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: Enabling debugging
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: connecting to address: unix:abstract=/tmp/dbus-aSrXobDV
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: system OS is 'rhel'
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: system OS version is '8.0'
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: Failed to identify the current session: No data available
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: seat unloaded, so trying to set loaded property
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Seat wouldn't load, so giving up on it and setting loaded property
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: already loaded, so not setting loaded property
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to SETUP_COMPLETE
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: initializing PAM; service=gdm-smartcard username=(null) seat=seat0
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_SEAT=seat0'
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state SETUP_COMPLETE
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to AUTHENTICATED
Jun 05 14:06:21 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: authenticating user (null)
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: 1 new messages received from PAM
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: username is 'a001329.com'
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: old-username='<unset>' new-username='a001329.com'
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: setting username to 'a001329.com'
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to load user settings
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: trying to track new user with username a001329.com
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329.com' state 1
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329.com' state 2
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Looking for user 'a001329.com' in accounts service
Jun 05 14:06:22 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: received pam message of type 1 with payload 'PIN for Instant EID IP9'
Jun 05 14:06:23 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: trying to get updated username
Jun 05 14:06:23 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: PAM conversation returning 0: Success
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: pam_sss(gdm-smartcard:auth): authentication success; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=a001329.com
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state AUTHENTICATED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: trying to get updated username
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: username is 'a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: old-username='a001329.com' new-username='a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Found object path of user 'a001329.com': /org/freedesktop/Accounts/User60483
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329.com' state 3
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user 'a001329.com' fetched
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user a001329 is now loaded
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user a001329 was not yet known, adding it
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: tracking user 'a001329'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: not yet loaded, so not emitting user-added signal
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: no pending users, trying to set loaded property
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: already loaded, so not setting loaded property
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finished handling request for user 'a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: unrefing manager owned by fetch user request
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to AUTHORIZED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: determining if authenticated user (password required:0) is authorized to session
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state AUTHORIZED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to ACCREDITED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'LOGNAME=a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'USER=a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'USERNAME=a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'HOME=/home/a001329'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'PWD=/home/a001329'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'SHELL=/bin/bash'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state ACCREDITED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: session display mode set to new-vt
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_SESSION_TYPE=x11'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'GDK_BACKEND=x11'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to ACCOUNT_DETAILS_SAVED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: saving account details for user a001329.com
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: trying to track new user with username a001329.com
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329.com' state 1
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329.com' state 2
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Looking for user 'a001329.com' in accounts service
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: could not save session and language settings
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to SESSION_OPENED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_VTNR=7'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: pam_unix(gdm-smartcard:session): session opened for user a001329.com by (uid=0)
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: 1 new messages received from PAM
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: username is 'a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: old-username='a001329.com' new-username='a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: received pam message of type 4 with payload 'Last login: Wed Jun  5 13:59:23 CEST 2019 on tty7'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: PAM conversation returning 0: Success
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state SESSION_OPENED
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: Found object path of user 'a001329.com': /org/freedesktop/Accounts/User60483
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finding user 'a001329.com' state 3
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user 'a001329.com' fetched
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: user a001329 is now loaded
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sessions changed (user a001329) num=0
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: no pending users, trying to set loaded property
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: already loaded, so not setting loaded property
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: finished handling request for user 'a001329.com'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GLib-GObject: invalid uninstantiatable type '(null)' in cast to 'GObject'
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: GLib-GObject: g_object_set_data: assertion 'G_IS_OBJECT (object)' failed
Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: unrefing manager owned by fetch user request
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'LANG=en_GB.UTF-8'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'GDMSESSION=gnome'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_SESSION_DESKTOP=gnome'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'DESKTOP_SESSION=gnome'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'XDG_CURRENT_DESKTOP=GNOME'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: Set PAM environment variable: 'GDM_LANG=en_GB.UTF-8'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: start program: /usr/libexec/gdm-x-session  "gnome-session"
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: attempting to change state to SESSION_STARTED
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: opening user session with program '/usr/libexec/gdm-x-session'
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: jumping to VT 7
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: first setting graphics mode to prevent flicker
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: VT mode did not need to be fixed
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PostLogin
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: script /etc/gdm/PostLogin not found; skipping
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PostLogin/Default
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: script /etc/gdm/PostLogin/Default not found; skipping
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: no script found
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PreSession
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: script /etc/gdm/PreSession not found; skipping
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Trying script /etc/gdm/PreSession/Default
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Running process: /etc/gdm/PreSession/Default
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: HOME=/home/a001329
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: GROUP=id
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: RUNNING_UNDER_GDM=true
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: LOGNAME=a001329.com
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: USERNAME=a001329.com
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: PWD=/home/a001329
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: USER=a001329.com
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: SHELL=/bin/bash
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Gdm: script environment: PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: Process exit status: 0
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: session opened creating reply...
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSessionWorker: state SESSION_STARTED
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30108]: GdmSession worker: watching pid 30414
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30414]: Loading env vars from /usr/share/gdm/env.d/flatpak.env
Jun 05 14:06:29 c21637.ad.example.com gdm-smartcard][30414]: GdmSessionWorker: Set PAM environment variable: 'XDG_DATA_DIRS=/home/a001329/.local/share/flatpak/exports/share/:/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/'
Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329
Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329
Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329
Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329
Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329
Jun 05 14:07:28 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329
Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329
Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329
Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329
Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sending user-changed signal for user a001329
Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: sent user-changed signal for user a001329
Jun 05 14:07:51 c21637.ad.example.com gdm-smartcard][30108]: AccountsService: ActUserManager: updating user a001329


Looks like AccountsService is converting the fq name to short name in some places and in some places does not. The line:

could not save session and language settings

indicates to me that AccountsService failed to create the user session file, but there is no information about why. 

Version-Release number of selected component (if applicable):
gdm-3.28.3-20.el8.x86_64
accountsservice-0.6.50-6.el8.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Log in with smartcard using pam_sss
2.
3.

Actual results:
No user session file in /var/lib/AccountsService/users/

Expected results:


Additional info:
Also, GDM uses the fully qualified name format when setting the environment variables '$USER', '$USERNAME' and '$LOGNAME'. For me this seems wrong, it should be the short version of the name.

Comment 1 adam winberg 2019-06-11 11:26:55 UTC

Logging in with username/password works as expected and AccountsService has no problems creating a session file.

Comment 2 Ray Strode [halfline] 2019-06-11 20:14:45 UTC

can you attach your sssd.conf ?

Comment 3 adam winberg 2019-06-12 05:47:09 UTC

Created attachment 1579619 [details]
sssd.conf

Comment 4 Ray Strode [halfline] 2019-06-12 17:57:13 UTC

does setting use_fully_qualified_names=true in the file fix your issue?

It could be that pam_sss is neglecting to square up PAM_USER based on the value of that setting and the value coming from smartcard.

Comment 5 adam winberg 2019-06-13 07:54:02 UTC

Yes, setting 'use_fully_qualified_names=true' in sssd.conf does make AccountsService able to create the user session file. But we really dont want fully qualified names, we only have one domain and have built a lot of tooling around the concept of short usernames. So yeah, maybe pam_sss should consider the setting of 'use_fully_qualified_names' before setting input to PAM_USER.

Comment 6 Ray Strode [halfline] 2019-06-17 20:56:11 UTC

okay reassigning and retitling.

Comment 7 Jakub Hrozek 2019-06-20 12:53:48 UTC

*** Bug 1719245 has been marked as a duplicate of this bug. ***

Comment 9 Sumit Bose 2019-08-21 11:16:27 UTC

Upstream ticket:
https://pagure.io/SSSD/sssd/issue/4069

Comment 13 Sumit Bose 2019-08-23 18:17:26 UTC

Master:
 - 5dccf76aff8ac5b4adf000c8b701a7a9fae506c2

Comment 18 Scott Poore 2020-01-03 01:02:03 UTC

Verified.

Version ::

sssd-2.2.3-6.el8.x86_64

Results ::

End of automation results:
...

Created SSSD Config:
SSSD Config File name:  /etc/sssd/conf.d/sssd_pam_fqname.conf
SSSD Settings:
[domain/ipa.test]
use_fully_qualified_names = true
full_name_format = %2$s+%1$s

['expect', '-f', '/tmp/ipa_sc_test.d/NO1M1soxoJ.exp']
spawn sssctl user-checks -s gdm-smartcard  -a auth
user: 
action: auth
service: gdm-smartcard

testing pam_authenticate

PIN for sctest (MyEID): 
pam_authenticate for user [ipa.test+ipauser1]: Success

PAM Environment:
 - PKCS11_LOGIN_TOKEN_NAME=sctest (MyEID)
 - KRB5CCNAME=KCM:


PASSED

The check at the end determining PASSED is if {domain}+{username} in expect output.

Comment 20 errata-xmlrpc 2020-04-28 16:56:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1863