[Freeipa-users] Problems with ssh and install-uninstall-install sequence on the server

Prasun Gera prasun.gera at gmail.com
Thu Mar 19 21:50:50 UTC 2015


It's just that /var/lib/sss/db is not cleared between subsequent server
installs and uninstalls, and that seems to be creating problems on the
server since the server is also a client. If you do
install-uninstall-install on the server with the same domain name for both
the installs, you cannot authenticate using sssd after the second install.
A simple command like 'ssh admin@localhost' on the server gives permission
denied. I don't know if this is a regression, but it would help if someone
could reproduce this error.

On Thu, Mar 19, 2015 at 4:19 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

>
> > On 19 Mar 2015, at 20:09, Prasun Gera <prasun.gera at gmail.com> wrote:
> >
> > I thought a bit more about the issue of conflicts in /var/lib/sss/db,
> > and I think it's a pretty significant problem, probably from a security
> > standpoint too. The fact that it's trying to authenticate against something
> > stale and incorrect would imply that it might erroneously authenticate
> > against something it should not. Also, this problem would lock out all
> > clients and be a nightmare to deal with if the master server needs to be
> > replaced/migrated.
> >
>
> I'm sorry to come late into this thread, but from the subject it wasn't
> clear it's also about SSSD.
>
> Can you describe the problem better? How did you manage to create
> conflicts in sssd database?
>
> > On Thu, Mar 19, 2015 at 11:57 AM, Nalin Dahyabhai <nalin at redhat.com> wrote:
> > On Wed, Mar 18, 2015 at 05:55:52PM -0400, Rob Crittenden wrote:
> > > > getcert status
> > > > process 31282: arguments to dbus_message_new_method_call() were
> > > > incorrect, assertion "path != NULL" failed in file dbus-message.c line 1262.
> > > > This is normally a bug in some application using the D-Bus library.
> > > >   D-Bus not built with -rdynamic so unable to print a backtrace
> > > > Aborted (core dumped)
> > >
> > > Please open a bug against certmonger.
> >
> > I'm pretty sure this one's already being tracked as #1148001.
> >
> > Cheers,
> >
> > Nalin
> >
>
>