[Freeipa-users] Why would /etc/passwd get skipped?

Bret Wortman bret.wortman at damascusgrp.com
Thu May 22 17:12:57 UTC 2014


Ahhhh. Then it's probably not the source of my performance problem. I 
know when I shut down SSSD, that user's ssh times speed up incredibly.


Bret

On 05/22/2014 01:06 PM, Simo Sorce wrote:
> On Thu, 2014-05-22 at 12:47 -0400, Bret Wortman wrote:
>> If this line is in /etc/nsswitch.conf:
>>
>> passwd: files sss
>>
>> Why would the user account from IPA get used when an identical one
>> exists in /etc/passwd? We can tell because of some additional groups
>> granted when authentication comes from IPA.
>>
>> If I shut down sssd, then login proceeds through /etc/passwd as
>> expected, but as soon as I restart sssd, this behavior starts again.
>> It's almost as if nsswitch.conf is being ignored or read
>> right-to-left.
>>
>> Just another oddity I uncovered on one system as I was troubleshooting
>> a particularly long "ssh localhost" and trying to rule things out.
>>
> The initgroups call (done at authentication to find what groups a user
> is member of) by default traverses all databases, so if the same
> username is found in multiple databases the groups are added as well.
>
> There is actually a way to change this behavior, although it usually
> causes more issues than it resolves.
>
> You could try with: initgroups: files sss
>
> Simo.
>
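
An added example, not part of the original thread: a small audit helper for the behaviour discussed above. It reports whether nsswitch.conf carries an explicit initgroups line (without one, group membership is merged across every source of the group line) and which of a user's resolved groups are not explained by /etc/group. The function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from any real host).
NSSWITCH = """\
passwd: files sss
group:  files sss
"""
ETC_GROUP = """\
wheel:x:10:alice
alice:x:1000:
devs:x:2000:alice,bob
"""

def sources(nsswitch_text, database):
    """Return the source list for one database, or None if it has no line."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]          # strip trailing comments
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Drop [STATUS=action] items; only the source order matters here.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return None

def initgroups_plan(nsswitch_text):
    """Return (sources, merged). merged is True when there is no explicit
    initgroups line, so every source of the group line contributes groups."""
    explicit = sources(nsswitch_text, "initgroups")
    if explicit is not None:
        return explicit, False
    return sources(nsswitch_text, "group") or [], True

def file_groups(group_text, user, primary_gid):
    """Groups that the files source alone gives `user`."""
    found = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4:
            continue                          # skip blank or malformed lines
        name, _, gid, members = fields
        if gid == str(primary_gid) or user in members.split(","):
            found.add(name)
    return found

def non_file_groups(resolved, group_text, user, primary_gid):
    """Groups in the resolved list that /etc/group does not account for."""
    return sorted(set(resolved) - file_groups(group_text, user, primary_gid))
```

On a live host, the `resolved` list can be built from `os.getgrouplist(user, gid)` with each gid mapped to a name through `grp.getgrgid`.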

