[Freeipa-users] sssd in Ubuntu
Jakub Hrozek
jhrozek at redhat.com
Mon Dec 12 09:52:50 UTC 2011
On Sun, Dec 11, 2011 at 11:49:46PM +0100, Sigbjorn Lie wrote:
> On the other hand, even though looking up users, groups and
> netgroups seem fine, I cannot log in. Neither at the console, su, or
> ssh. Was there an issue with HBAC rules in SSSD 1.5.13 ?
>
> Dec 11 21:13:32 mint12 su[6769]: pam_sss(su:account): Access denied
> for user test: 6 (Permission denied)
>
>
>
> Rgds,
> Siggi
>
Yes, there was a number of HBAC-related fixes since 1.5.13. The
following commits touched files in src/providers/ipa/ipa_hbac*.[ch]:
* Add a missing break (9077c3ebec92454d8ed949491c4ca89ed6cdf75a)
* Do not access memory out of bounds
(a2a954c4186aaa9e9dd027aebb986062fc5670e7)
* HBAC: fix typos preventing proper hostgroup evaluation
(28a9f96c3f9e6aa30fb1cbbbb33fe2ee2b1d7ef6)
* HBAC: Do not save member/memberOf links
(d14a28835223c0578b0a28a8c74d11777c50bcb9)
* HBAC: Use originalMember for identifying servicegroups
(d74b59b13208fa9508baaf5a1a5172fecad321ae)
* HBAC: Use originalMember for identifying hostgroups
(7c77e790204f82bce88dd6ecd237c941a9389349)
Obviously, the Ubuntu package might have backported some of these into
their 1.5.13 distribution package. The list was taken from upstream 1.5
branch.
More information about the Freeipa-users
mailing list