Red Hat Bugzilla – Bug 875738
offline authentication failure always returns System Error
Last modified: 2013-02-21 04:40:06 EST
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/1636 Whenever there is any error during offline authentication, including mistyped password, pam_sss always returns System Error. This is confusing to the admin, as looking at /var/log/secure makes it look like the SSSD is in trouble.
Verified the BZ on SSSD version: sssd-1.9.2-41.el6.x86_64 Below is the beaker output for the automated script: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: 875738 - offline authentication failure always returns System Error :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'ldapadd -xv -D "cn=Directory Manager" -w Secret123 -H ldap://hubcap.lab.eng.pnq.redhat.com -f /tmp/tempuser.ldif' :: [ PASS ] :: Running '> /var/log/sssd/sssd_pam.log' :: [ LOG ] :: Sleeping for 5 seconds :: [ PASS ] :: Running 'restart_clearing_cache' :: [ PASS ] :: Running 'sleep 5' :: [ PASS ] :: Running 'chmod 755 /tmp/ssh.sh' :: [ PASS ] :: Running '/tmp/ssh.sh' :: [ PASS ] :: Running 'ifdown eth0' :: [ PASS ] :: Running 'sleep 5' :: [ PASS ] :: Authentication failed, as expected :: [ PASS ] :: Running 'auth_failure off_user WrongPass' :: [ PASS ] :: Running 'sleep 5' :: [ PASS ] :: File '/var/log/sssd/sssd_pam.log' should not contain 'System error' :: [ PASS ] :: File '/var/log/secure' should not contain 'System error' :: [ PASS ] :: Running 'ifup eth0' :: [ LOG ] :: Duration: 1m 45s :: [ LOG ] :: Assertions: 15 good, 1 bad :: [ PASS ] :: RESULT: 875738 - offline authentication failure always returns System Error
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html