Short version: freeipa-client upgraded from 4.8.9-2 to 4.8.10-5 this morning and now no one can log in. Longer version: the triggerin scriptlet in this package for openssh-server contains a section called: # Take the values from /etc/ssh/sshd_config and put them in 04-ipa.conf but it does not check that /etc/ssh/sshd_config.d is actually included in the sshd_config. Ours is not, because the configuration dates from a time before that was a thing. So removing those configuration entries did actually change the config from a working one to a non-working one. Specifically, the "UsePAM yes" setting was removed, and now it defaults to "no".
Fixed upstream in https://pagure.io/freeipa/issue/8535 It hasn't been applied to the Fedora builds yet.
FEDORA-2020-e9b167b8af has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9b167b8af
FEDORA-2020-3b90977761 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-e142bd6b5b has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-e142bd6b5b
FEDORA-2020-e142bd6b5b has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e142bd6b5b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e142bd6b5b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-e9b167b8af has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e9b167b8af` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9b167b8af See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Re-opening for F33 and proposing as an F33 Final FE. This bug can be ugly if you hit it on upgrade, it'd be good to fix it ASAP so it doesn't inconvenience people - in some circumstances it might be hard for them to access an affected system to update it to a later-published fix.
Discussed during the 2020-10-19 blocker review meeting: [0] The decision to classify this bug as an "AcceptedFreezeException (Final)" was made as it is a noticeable issue that cannot be fixed with an update. [0] https://meetbot.fedoraproject.org/fedora-blocker-review/2020-10-19/f33-blocker-review.2020-10-19-16.01.txt
FEDORA-2020-e9b167b8af has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-e142bd6b5b has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.