This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/1268

There is an infinite loop in the read/write loop of connect_socket() in sss_ssh_knownhostproxy.c. As a result, logins to systems with knownhostproxy enabled will hang forever.
See BZ #801451 for details on how to reproduce this
Make sure knownhostsproxy is enabled.

Relevant sssd.conf:

    [domain/lab.eng.pnq.redhat.com]
    cache_credentials = True
    krb5_store_password_if_offline = True
    ipa_domain = lab.eng.pnq.redhat.com
    id_provider = ipa
    auth_provider = ipa
    access_provider = ipa
    ldap_account_expire_policy = ipa
    ipa_hostname = primenova.lab.eng.pnq.redhat.com
    chpass_provider = ipa
    ipa_server = primenova.lab.eng.pnq.redhat.com
    ldap_tls_cacert = /etc/ipa/ca.crt
    debug_level = 9

    # ssh -l shanks primenova.lab.eng.pnq.redhat.com
    Connection closed by UNKNOWN

/var/log/message:

    Mar 21 01:18:14 primenova sshd[22821]: pam_sss(sshd:account): system info: [The user account is locked on the server]
    Mar 21 01:18:14 primenova sshd[22821]: pam_sss(sshd:account): Access denied for user shanks: 6 (Permission denied)
    Mar 21 01:18:14 primenova sshd[22822]: fatal: Access denied for user shanks by PAM account configuration

/var/log/sssd/sssd_<domain>.log

    (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user [shanks]
    (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_account_expired_rhds] (0x4000): Account for user [shanks] is locked.
    (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>) [Success]
    (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (0x0100): Sending result [6][lab.eng.pnq.redhat.com]
    (Wed Mar 21 01:18:53 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (0x0100): Sent result [6][lab.eng.pnq.redhat.com]
    (Wed Mar 21 01:18:55 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sbus_dispatch] (0x4000): dbus conn: ACDEF0
    (Wed Mar 21 01:18:55 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sbus_dispatch] (0x4000): Dispatching.
    (Wed Mar 21 01:18:55 2012) [sssd[be[lab.eng.pnq.redhat.com]]] [sbus_message_handler] (0x4000): Received SBUS method [ping]

Verified: sssd-1.8.0-17.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: A programming error caused a loop to be exited only on error.
Consequence: When the connection was closed, the loop was not exited, which caused sss_ssh_knownhostsproxy to hang.
Fix: Exit the loop when the connection is closed.
Result: sss_ssh_knownhostsproxy does not hang when the connection is closed.
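The loop-exit condition described in the technical note, as an added C example that is not SSSD's code and not part of the original report. relay() is a hypothetical one-directional copy loop; it treats read() returning 0 as the peer closing the connection, which is the exit the note says was missing.

```c
/* Added illustration, not SSSD source: relay() is a hypothetical helper. */
#include <errno.h>
#include <poll.h>
#include <unistd.h>

/* Copy bytes from in_fd to out_fd until the peer closes in_fd.
 * Returns the number of bytes relayed, or -1 on error. */
long relay(int in_fd, int out_fd)
{
    char buf[4096];
    long total = 0;
    struct pollfd pfd = { .fd = in_fd, .events = POLLIN };

    for (;;) {
        if (poll(&pfd, 1, -1) == -1) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (pfd.revents & (POLLERR | POLLNVAL))
            return -1;

        ssize_t n = read(in_fd, buf, sizeof(buf));
        if (n == -1) {
            if (errno == EINTR || errno == EAGAIN)
                continue;
            return -1;              /* the only exit a buggy loop would have */
        }
        if (n == 0)
            break;                  /* EOF: connection closed, stop relaying.
                                     * Without this branch poll() keeps
                                     * reporting the fd as ready and the
                                     * loop never terminates. */

        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(out_fd, buf + off, (size_t)(n - off));
            if (w == -1) {
                if (errno == EINTR)
                    continue;       /* retry the interrupted write */
                return -1;
            }
            off += w;
        }
        total += n;
    }
    return total;
}
```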
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0747.html