[Freeipa-users] Error message when denied by HBAC

Stephen Gallagher sgallagh at redhat.com
Tue Sep 6 18:37:07 UTC 2011


On Tue, 2011-09-06 at 20:04 +0200, Sigbjorn Lie wrote:
> Hi,
> 
> When I attempt a login with a user account that's being denied access to the 
> host via HBAC, I receive the following generic error message.
> 
> Sep  6 20:02:03 ipa01 sshd[11592]: pam_sss(sshd:account): Access denied 
> for user username: 4 (System error)
> 
> 
> Would it be an idea to change this to advise that the user login was 
> denied due to HBAC rules? I see this is a bit confusing.


"System error" means that something went wrong with processing. It
defaults to DENY (to be safe), but it's actually an error.

What version of SSSD are you running on the client? We fixed a fair
number of HBAC bugs in the 1.5.13 release (which is currently in the
updates-testing repos for F14, F15 and F16).
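An added example, not part of the original thread or of SSSD: it separates pam_sss account denials caused by a processing failure (code 4, the fail-closed case described in the reply) from denials where an access rule was actually evaluated. It assumes Linux-PAM's numeric codes 4 (PAM_SYSTEM_ERR) and 6 (PAM_PERM_DENIED); the function names and the second and third sample lines are constructed for illustration.

```python
import re

# Linux-PAM return codes relevant to the account phase (from _pam_types.h).
PAM_SYSTEM_ERR = 4    # processing failed; access is denied to fail closed
PAM_PERM_DENIED = 6   # an access rule was evaluated and said no

# Matches the pam_sss denial message format quoted in the thread.
DENIED = re.compile(
    r"(?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: "
    r"pam_sss\((?P<service>[^:]+):account\): Access denied for user "
    r"(?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)"
)

def classify(line):
    """Return a dict describing a pam_sss account denial, or None."""
    m = DENIED.search(line)
    if m is None:
        return None
    code = int(m.group("code"))
    if code == PAM_SYSTEM_ERR:
        verdict = "processing-error"   # investigate the HBAC evaluation itself
    elif code == PAM_PERM_DENIED:
        verdict = "policy-denial"      # expected outcome of an access rule
    else:
        verdict = "other"
    return {"host": m.group("host"), "service": m.group("service"),
            "user": m.group("user"), "code": code, "verdict": verdict}

def triage(lines):
    """Group denied (user, host) pairs by verdict."""
    out = {}
    for line in lines:
        hit = classify(line)
        if hit:
            out.setdefault(hit["verdict"], []).append((hit["user"], hit["host"]))
    return out

# Sample input: line 1 is the message from the thread joined onto one line;
# lines 2 and 3 are constructed for illustration.
SAMPLE = [
    "Sep  6 20:02:03 ipa01 sshd[11592]: pam_sss(sshd:account): Access denied for user username: 4 (System error)",
    "Sep  6 20:05:41 ipa01 sshd[11630]: pam_sss(sshd:account): Access denied for user alice: 6 (Permission denied)",
    "Sep  6 20:06:02 ipa01 sshd[11641]: Accepted password for bob from 192.0.2.10 port 51234 ssh2",
]

if __name__ == "__main__":
    for verdict, pairs in triage(SAMPLE).items():
        print(verdict, pairs)
```

Entries under `processing-error` point at a fault in rule processing on the client rather than at a rule that matched, so they are the ones to follow up with the SSSD version question asked in the reply.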